IS Chapter 15 Quiz


The U.S. Transportation Administration (TSA) initially started with an anti-counterfeiting role in 1865. True/False

False

United States Computer Emergency Response Team (US-CERT) developed OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Exposure), a risk management methodology. True/False

False

The ________ manages the U.S. Secret Service, Customs and Border Protection, and the Transportation Security Administration (TSA).

Department of Homeland Security (DHS)

Once qualified, an (ISC)2 certification is valid for life. True/False

False

The MITRE Corporation hosts the National Vulnerability Database (NVD). True/False

False

The National Institute of Standards and Technology (NIST) manages the U.S. Secret Service. True/False

False

Open Web Application Security Project (OWASP) tools include the following EXCEPT:
-Nmap
-AntiSamy
-WebScarab
-WebGoat

NOT Anti NOT WebGoat

The National Cyber Security Division (NCSD) is part of which U.S. federal agency?
-Federal Trade Commission
-Department of Homeland Security
-Federal Communications Commission
-Department of Commerce

NOT Department of Commerce NOT Federal Communications

Which organization's projects include the Web-Hacking Incident Database and distributed open proxy honeypots?
-US-CERT
-National Cyber Security Division (NCSD)
-Web Application Security Consortium (WASC)
-MITRE Corporation

NOT National NOT MITRE

Which of the following is NOT true of the United States Computer Emergency Response Team Coordination Center (CERT/CC)?
-Plays an active role in the investigation of computer incidents
-Is part of the Software Engineering Institute at Carnegie Mellon University
-Conducts research and training for the wider computer security incident response team (CSIRT) community
-Provides training for OCTAVE

NOT Provides NOT Conducts NOT Is part

You are an information systems security professional who is interested in specializing in risk management. Which of the following (ISC)2 certifications is most appropriate?
-Systems Security Certified Practitioner (SSCP)
-Certified Information Systems Security Professional (CISSP)
-Certification and Accreditation Professional (CAP)
-Associate

NOT Systems NOT Certified

You are a program developer who is interested in specializing in the security aspects of software development. Which of the following (ISC)2 certifications is most appropriate?
-Certification and Accreditation Professional (CAP)
-Certified Secure Software Lifecycle Professional (CSSLP)
-Systems Security Certified Practitioner (SSCP)
-Certified Information Systems Security Professional (CISSP)

NOT Systems NOT Certified Information

You are a recent college graduate with a degree in information systems security. Which of the following (ISC)2 certifications is most appropriate for a person starting a career in this field?
-Certified Information Systems Security Professional (CISSP)
-Associate
-Systems Security Certified Practitioner (SSCP)
-Certification and Accreditation Professional (CAP)

NOT Systems NOT Certified Information

The National Institute of Standards and Technology (NIST) publishes:

NOT The Common

United States Computer Emergency Response Team (US-CERT) is part of which organization?
-Computer Emergency Response Team Coordination Center (CERT/CC)
-National Institute of Standards and Technology (NIST)
-National Cyber Security Division (NCSD)
-The MITRE Corporation

NOT The MITRE

What is the purpose of a honeypot?

NOT To draw participants to user awareness training

Which of the following does National Institute of Standards and Technology (NIST) offer?
-Common Vulnerabilities and Exposures (CVE) list
-CISSP certification
-Federal Information Processing Standards (FIPS)
-Web-Hacking Incident Database

NOT Web- NOT CISSP

Which technology does US-CERT primarily use to keep you up to date on security tips, bulletins, and alerts, as well as the most recent security activities with leading vendors?

Really Simple Syndication (RSS) feeds

What is the primary focus of U.S. DoD Directive 8570?

Security certification for federally related workers

Open Software Assurance Maturity Model (OpenSAMM) is derived from the basic structure of:
-The Carnegie Mellon University Software Engineering Institute’s Capability Maturity Model
-NIST Special Publication 800-53
-The WASC Web Threat Classification
-OCTAVE

The Carnegie Mellon University Software Engineering Institute’s Capability Maturity Model

The National Cyberspace Response System, part of the NCSD, is a comprehensive program that covers the following EXCEPT:
-Computer vulnerabilities
-The Special Publications 800 series of guides and recommendations
-Computer incident response
-Information sharing

The Special Publications 800 series of guides and recommendations

A single entry on the Common Vulnerabilities and Exposures (CVE) list is known as a "CVE identifier." True/False

True

CERT/CC is part of the Software Engineering Institute at Carnegie Mellon University. True/False

True

CERT/CC was founded in 1988 under contract from DARPA, after the Morris Worm attack. True/False

True

Open proxies are computers that anonymously accept and forward requests for network services, and they are often used to shield attackers from tracking. True/False

True

Open source refers to a copyright or licensing system that, compared with conventional commercial licensing schemes, allows wide use and modification of the material. True/False

True

The (ISC)2 CISSP certification is based on the Common Body of Knowledge (CBK). True/False

True

The Common Vulnerabilities and Exposures (CVE) list was created as a commonly accepted reference system for computer and software vulnerabilities. True/False

True

The Department of Homeland Security (DHS) manages the Transportation Security Administration (TSA). True/False

True

The MITRE Corporation established the CVE list in 1999 in collaboration with a number of software and security vendors. True/False

True

The MITRE Corporation is a major government and defense contractor, set up and operating as a not-for-profit corporation. True/False

True

The NIST Computer Security Resource Center (CSRC) provides public access to NIST final and draft reports. True/False

True

The NIST Federal Information Processing Standards (FIPS) series sets specifications for essential security components. True/False

True

The National Cyber Security Division (NCSD) of the Department of Homeland Security sponsors the Common Vulnerabilities and Exposures (CVE) list. True/False

True

The National Infrastructure Advisory Council is a presidential advisory panel of up to 30 appointed members. Its role is to provide advice on securing key sectors of the economy and government. True/False

True

