Securities Midterm

Ace your homework & exams now with Quizwiz!

__________ of information is the quality or state of being genuine or original. - Accuracy - Authorization - Confidentiality - Authenticity

Authenticity

A technique used to gain unauthorized access; intruder assumes a trusted IP address.

Spoofing

It consists of code segments that attach to existing programs and take control of access to the targeted computer.

Virus

An attacker monitors the network packets, modifies them, and inserts them back into the network.

man-in-the-middle

What term is used to describe the quality or state of ownership or control of information? - confidentiality - possession - authenticity - integrity

possession

What is the subject of the Sarbanes-Oxley Act? - Privacy - Banking - Financial Reporting - Trade secrets

- Financial Reporting

Criminal or unethical _________ goes to the state of mind of the individual performing the act. - All of the above - intent - attitude - accident

- accident

A short-term interruption in electrical power availability is known as a _____. - fault - blackout - lag - brownout

- fault

Which of the following countries reported the least tolerant attitudes toward personal use of organizational computer resources? - Sweden - United States - Singapore - Australia

Singapore

Using a known or previously installed access mechanism is known as which of the following - hidden bomb - vector - spoof - back door

back door

gaining access to a system or network using known or previously unknown/newly discovered access mechanisim

back door

Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards. - de jure - de facto - de public - de formale

de jure

non-existent malware that employees waste time spreading awareness about

virus & worm hoaxes

Which of the following illustrates that each phase of the SDLC begins with the results and information gained from the previous phase? - waterfall model - methodology - software assurance - investigation

waterfall method

they replicate themselves until they completely fill available resources such as memory and hard drive space.

worms

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization. - CISO - CIO - ISO - CTO

CISO

Ethics are the moral attitudes or customs of a particular group. - True - False

False

Network Security addresses the issues needed to protect items, objects, or areas. - True - False

False

The Security Education Training and Awareness (SETA) program is a control measure designed to reduce the instances of _____ security breaches by employees. - intentional - accidental - physical - external

accidental

Which type of attacker will hack systems to conduct terrorist activities via network or internet pathways? - cyberhackers - electronic terrorists - cyberterrorists - electronic hackers

cyberterrorists

The Domain Name Service (DNS) is a function of the World Wide Web that converts URL (Uniform Resource Locator) like www.course.com into the IP address of the Web server host. - True - False

true

Which type of security addresses the protection of all communications media, technology, and content? - Information - Network - Physical - Communcations

Communications

____________ is a strategy for the protection of information assets that uses multiple layers and different types of controls ( managerial, operations, and technical) to provide optimal protection. - Networking - Proxy - Defense in depth - Best-Effort

Defense in depth

a coordinated stream of requests is launched against a target from many locations simultaneously.

Distributed denial-of-service

The _______ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts. - GSP - EISP - ISSP - SysSP

EISP

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications. - Electronic Communications Privacy Act - Economic Espionage Act - Sarbanes-Oxley Act - Financial Services Modernization Ac

Electronic Communications Privacy Act

A worm requires that another program is running before it can begin functioning. - True - False

False

Database shadowing duplicates data in real-time data storage, but does not backup the databases at the remote site. - True - False

False

In the context of information security, confidentiality is the right of the individual or group to protect themselves and their information from unauthorized access. - True - False

False

Information has redundancy when it is free from mistakes or errors and it has the value that he end user expects. - True - False

False

When dealing with computerized information, a breach of possession will result in a breach of confidentiality. - True - False

False

When voltage levels lag (experience a momentary increase), the extra voltage can severely damage or destroy equipment ____________. - True - False

False

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act? - Financial Services Modernization Act - Communications Act - Health Insurance Portability and Accountability Act - Computer Security Act

Financial Services Modernization Act

Which type of security encompasses the protection of voice and data networking components, connections, and content? - Information - Network - Physical - Communications

Network

It attacks a browser's address bar to redirect users to an illegitimate side for the purpose of obtaining private information.

Pharming

____________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse. - Personal - Object - Physical - Standard

Physical

What can occur when developers fail to properly validate user input before using it to query a relational database?

SQL injection

_____ is any technology that aids in gathering information about a person or organization without their knowledge. - Spyware - A bot - Worm - Trojan

Spyware

The ___________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network. - WWW - FTP - HTTP - TCP

TCP

What is another name for a man-in-the-middle attack? - TCP hijacking - mail bombing - spoofing - denial of service

TCP hijacking

malware disguised as helpful, interesting, or necessary pieces of software

Trojan horses

Computer hardware is seldom the most valuable asset possessed by an organization. - True - False

True

Cyberterrorism has thus far been largely limited to acts such as the defacement of NATO web pages during the war in Kosovo - True - False

True

If information has a state of being genuine or original and is not a fabrication it has the characteristic of authenticity. - True - False

True

Indirect attacks originate from a compromise system or resource that is malfunctioning or working under the control of a threat. - True - False

True

Individuals with authorization and privileges to information within the organization are often those who are most likely to cause harm or damage by accident. - True - False

True

The secret is changed with safeguarding the nation's financial infrastructure and payments systems to preserve the integrity of the economy. - False - True

True

The value of information comes from the characteristics it possesses. - True - False

True

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date. - True - False

True

The _____ defines stiffer personalities for prosecution of terrorist crimes. - Sarbanes-Oxley Act - Gramm-Leach-Bliley Act - USA PATRIOT ACT - Economic Espionage Act

USA PATRIOT Act

A(n) _________ is a document containing contact information for the people to be notified in the even of an incident. - emergency notification system - call register - alert roster - phone list

alert roster

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data; or is sometimes physical, such as a person, computer system, hardware, or other tangible object. Collectively all of these things are known as a(n) __________. - exploit - asset - risk - access

asset

Which of the following is an application error that occurs when more data is sent to a program buffer than it is designed to handle? - buffer underrun - buffer overrun - heap overflow - heap attack

buffer overrun

___________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents. - hacking - infoterrorism - cyberterrorism - cracking

cyberterrorism

___________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information assets during or just following an incident. - incident response - strategy development - containment assessment - damage assessment

damage assessment

An attacker sends a large number of connection or information requests to a target. - the largest system becomes overloaded and cannot respond to legitimate requests for service - it may result in system crash or inability to perform ordinary functions

denial-of-service

In a ____________ attack, the attacker sends a large number of connection or information requests to disrupt a target from many locations at the same time. - distributed denial-of-service - virus - spam - denial-of-service

distributed denial-of-service

A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions. - true - false

false

Which of the following occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it? - information extortion - technological extortion - insider trading - information hording

information extortion

Which of the following phrases of the SDLC is often considered the longest and most expensive phase of the systems development life cycle. - investigation - logical design - maintenance and change - implementation

maintenance and change

In which phase of the NIST SDLC are the systems in place and operating, enhancements and/or modifications to the system are developed and tested, and hardware and/or software are added or replaced? - initiation - development and acquisition - implementation and assessment - operation and maintenance

operation and maintenance

it monitors data traveling over network; it can be used both for legitimate management purposes and for stealing information from a network.

packet sniffer

A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encypted password file is known as a(n) ___________. - crib - rainbow table - crack file - dictionary

rainbow table

Hackers of limited skill who use expertly written software to attack a system are known as which of the following? - cyberterrorists - script kiddies - jailbreakers - social engineers

script kiddies

"4-1-9" fraud is an example of a ___________ attack. - virus - worm - social engineering - spam

social engineering

which of the following examines the behavior of individuals as they interact with systems, whether societal systems or information systems? - community science - social science - societal science - interaction management

social science

it is considered more a nuisance than an attack, though is emerging as a vector for some attacks.

spam

When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow which approach? - executive led - trickle down - top-down - bottom-uo

top-down

A disaster recovery plan is a plan that shows the organization's intended efforts to restore operations at the original site in the aftermath of the disaster. - True - False

true

A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. - true - false

true

The person responsible for the storage, maintenance, and protection of the information is the data custodian. - true - false

true

Warnings of attacks that are not valid are usually called hoaxes - True - False

true


Related study sets

CIS- Chapter 10 - Mobile Devices

View Set

Microbiology Chapter 32: waterborne and foodborne bacterial and viral diseases

View Set

Chemistry - Chapter 3: Substances, Mixtures, and Solubility - Section 1: What is a Solution?

View Set

Biology Unit 4.2 Photosynthesis & Cellular Respiration

View Set

Works: Of which works are the following statements true?

View Set

EAQ quiz 2 Nutrition, Therapeutic Communication, and Documentation

View Set