IS 413- Final Exam Review

The __________ vulnerability assessment is a process that is designed to find and document selected vulnerabilities that are likely to be present on the internal network of the organization.

intranet

A __________ is usually the best approach to security project implementation.

phased implementation

You should adopt naming standards that do not convey information to potential system attackers. t/f

true

Class __________ fires are safely extinguished with non-conducting agents only.

class C

The policy administrator is responsible for the creation, revision, distribution, and storage of the policy. t/f

true

Common vulnerability assessment processes include:

all of choices

A(n) key is the steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; sometimes refers to the programs that enable the cryptographic processes. t/f

false

A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. t/f

false

Loss event frequency is the combination of an asset's value and the percentage of it that might be lost in an attack. t/f

false

Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. t/f

false

Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. t/f

false

The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about national security without permission. t/f

false

The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. t/f

false

When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment. t/f

false

By managing the __________, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.

process of change

__________ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.

public law

The __________ control strategy attempts to shift risk to other assets, other processes, or other organizations.

transfer

In static filtering, configuration rules must be manually created, sequenced, and modified within the firewall.. t/f

true

Many states have implemented legislation making certain computer-related activities illegal. t/f

true

Which of the following is not one of the categories of positions as defined by Schwartz, Erwin, Weafer, and Briney?

user