Practice Exam 01
Which of the following organizations put forth a code of ethics designed primarily for InfoSec professionals who have earned their certifications? The code includes the canon: Provide diligent and competent service to principals.
(ISC)2
The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process?
Authentication
A ____________ overflow is an application error that occurs when the system can't handle the amount of data that is sent.
Buffer
Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?
Confidentiality
Attempting to reverse-calculate a password is called ____________________.
Cracking
Which of the following is an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures?
DMCA
Which type of attack involves sending a large number of connection or information requests to a target?
Denial of Service
Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics?
Deontological ethics
Which of the following is the best method for preventing an illegal or unethical activity? Examples include laws, policies and technical controls.
Deterrence
A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. _________________________
False
Corruption of information can occur only while information is being stored.
False
DoS attacks cannot be launched against routers.
False
Ethics carry the sanction of a governing authority.
False
One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. _________________________
False
"Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance. _________________________
False (surfing)
Information ambiguation occurs when pieces of non-private data are combined to create information that violates privacy. _________________________
False (aggregation)
The macro virus infects the key operating system files located in a computer's startup sector. _________________________
False (boot virus)
A signaling law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information. ____________
False (breach)
It is the responsibility of InfoSec professionals to understand state laws and standards. ____________
False (regulations)
The penalties for offenses related to the National Information Infrastructure Protection Act of 1996 depend on whether the offense is judged to have been committed for one of the following reasons except which of the following?
For political advantage
Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them?
HIPAA
One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Hacktivist
The three levels of planning are strategic planning, tactical planning, and ____________________ planning.
Operational
Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives?
Organization
Which of the following is the principle of management that develops, creates, and implements strategies for the accomplishment of objectives?
Planning
Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?
Policy
A momentary low voltage is called a(n) ____________________.
Sag
Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Trespass
A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
True
The Secret Service is charged with the detection and arrest of any person committing a U.S. federal offense relating to computer fraud, as well as false identification crimes.
True
The Gramm-Leach-Bliley (GLB) Act (also known as the Financial Services Modernization Act of 1999) contains a number of provisions that affect banks, securities firms, and insurance companies. ___________
True
Due diligence requires that an organization make a valid and ongoing effort to protect others. ____________
True
Ethics are based on ___________________, which are the relatively fixed moral attitudes or customs of a societal group.
cultural mores
The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment is known as ___________.
ethics
An organization increases its _____________ if it refuses to take measures—due care—to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions.
liability