Question 1 1 out of 1 points ____ of information is the quality or state of being genuine or original. Answer Selected Answer: 1. Authenticity Question 2 1 out of 1 points The first phase of risk management is ____. Answer Selected Answer: 3. risk identification Question 3 1 out of 1 points Complete loss of power for a moment is known as a ____. Answer Selected Answer: 2. fault Question 4 1 out of 1 points During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design. Answer Selected Answer: 4. physical design Question 5
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Question 1
1 out of 1 points
____ of information is the quality or state of being genuine or original.Answer
Selected Answer: 1. Authenticity
Question 2
1 out of 1 points
The first phase of risk management is ____.Answer
Selected Answer: 3. risk identification
Question 3
1 out of 1 points
Complete loss of power for a moment is known as a ____.Answer
Selected Answer: 2. fault
Question 4
1 out of 1 points
During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.Answer
Selected Answer: 4. physical design
Question 5
1 out of 1 points
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?Answer
____ attempts to prevent trade secrets from being illegally shared.Answer
Selected Answer: 2. Economic Espionage Act
Question 7
1 out of 1 points
There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.Answer
Selected Answer: 3. dumpster diving
Question 8
1 out of 1 points
The ____ security policy is a planning document that outlines the process of implementing security in the organization.Answer
Selected Answer: 4. program
Question 9
1 out of 1 points
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.Answer
Selected Answer: 3. appetite
Question 10
1 out of 1 points
In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factor.Answer
Selected Answer: 1. weighted factor analysis
Question 11
1 out of 1 points
The military uses a ____-level classification scheme.Answer
Selected Answer: 4. five
Question 12
1 out of 1 points
____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.Answer
Selected Answer: 3. PKI
Question 13
1 out of 1 points
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____.Answer
Selected Answer: 1. hoaxes
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____.Answer
Selected Answer: 1. hoaxes
Question 14
1 out of 1 points
____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.Answer
Selected Answer: 1. DR
Question 15
1 out of 1 points
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.Answer
Selected Answer: 3. accept control
Question 16
0 out of 1 points
____ law comprises a wide variety of laws that govern a nation or state.Answer
Selected Answer: 4. Criminal
Question 17
1 out of 1 points
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.Answer
Selected Answer: 2. Security and Freedom through Encryption Act
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.Answer
Selected Answer: 2. Security and Freedom through Encryption Act
Question 18
1 out of 1 points
____ are software programs that hide their true nature, and reveal their designed behavior only when activated.Answer
Selected Answer: 3. Trojan horses
Question 19
1 out of 1 points
A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.Answer
Selected Answer: 2. distributed denial-of-service
Question 20
1 out of 1 points
There are generally two skill levels among hackers: expert and ____.Answer
Selected Answer: 1. novice
Question 21
1 out of 1 points
What is the subject of the Sarbanes-Oxley Act?Answer
Selected Answer: 3. Financial Reporting
What is the subject of the Sarbanes-Oxley Act?Answer
Selected Answer: 3. Financial Reporting
Question 22
1 out of 1 points
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.Answer
Selected Answer: 1. IR
Question 23
1 out of 1 points
____ is simply how often you expect a specific type of attack to occur.Answer
Selected Answer: 4. ARO
Question 24
1 out of 1 points
The ____ data file contains the hashed representation of the user’s password.Answer
Selected Answer: 2. SAM
Question 25
1 out of 1 points
“4-1-9” fraud is an example of a ____ attack.Answer
Selected Answer: 2. social engineering
“4-1-9” fraud is an example of a ____ attack.Answer
Selected Answer: 2. social engineering
Question 26
1 out of 1 points
A computer is the ____ of an attack when it is used to conduct the attack.Answer
Selected Answer: 1. subject
Question 27
1 out of 1 points
The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.Answer
Selected Answer: 4. CBA
Question 28
1 out of 1 points
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____.Answer
Selected Answer: 1. by accident
Question 29
1 out of 1 points
Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.Answer
Selected Answer: 3. trespass
Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.Answer
Selected Answer: 3. trespass
Question 30
1 out of 1 points
Which of the following is a valid type of data ownership?Answer
Selected Answer: 1. All of the above
Question 31
1 out of 1 points
____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.Answer
Selected Answer: 1. Physical
Question 32
1 out of 1 points
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?Answer
Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?Answer
Selected Answer: 3. Singapore
Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?Answer
Selected Answer: 3. Singapore
Question 34
1 out of 1 points
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.Answer
Selected Answer: 4. to harass
Question 35
1 out of 1 points
The concept of competitive ____ refers to falling behind the competition.Answer
Selected Answer: 1. disadvantage
Question 36
1 out of 1 points
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.Answer
Selected Answer: 2. transfer control
Question 37
1 out of 1 points
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.Answer
Selected Answer: 1. man-in-the-middle
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.Answer
Selected Answer: 1. man-in-the-middle
Question 38
1 out of 1 points
What is the subject of the Computer Security Act?Answer
Selected Answer: 2. Federal Agency Information Security
Question 39
1 out of 1 points
A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.Answer
Selected Answer: 4. FCO
Question 40
1 out of 1 points
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.Answer
Selected Answer: 3. Fraud
Question 41
1 out of 1 points
The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.Answer
Selected Answer: 2. Health Insurance
The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.Answer
Selected Answer: 2. Health Insurance
Question 42
1 out of 1 points
Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____.Answer
Selected Answer: 3. SLA
Question 43
1 out of 1 points
____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization’s stakeholders.Answer
Selected Answer: 1. Operational
Question 44
1 out of 1 points
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.Answer
Selected Answer: 1. standard of due care
Question 45
1 out of 1 points
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.Answer
Selected Answer: 3. Zombies
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.Answer
Selected Answer: 3. Zombies
Question 46
1 out of 1 points
Many corporations use a ____ to help secure the confidentiality and integrity of information.Answer
Selected Answer: 2. data classification scheme
Question 47
1 out of 1 points
Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses?Answer
Selected Answer: 3. Computer Fraud and Abuse Act
Question 48
1 out of 1 points
The ____ strategy attempts to prevent the exploitation of the vulnerability.Answer
Selected Answer: 2. defend control
Question 49
1 out of 1 points
Which of the following functions does information security perform for an organization?Answer
Selected Answer: 1. All of the above.
Which of the following functions does information security perform for an organization?Answer
Selected Answer: 1. All of the above.
Question 50
1 out of 1 points
____ policies address the particular use of certain systems.Answer
Selected Answer: 2. Systems-specific
Question 51
1 out of 1 points
The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.Answer
Selected Answer: 4. TCP
Question 52
1 out of 1 points
Which of the following is an example of a Trojan horse program?Answer
Selected Answer: 2. Happy99.exe
Question 53
1 out of 1 points
The ____ is a methodology for the design and implementation of an information system in an organization.Answer
Selected Answer: 2. SDLC
Question 54
1 out of 1 points
____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.Answer
Selected Answer: 4. Risk
Question 55
1 out of 1 points
The most successful kind of top-down approach involves a formal development strategy referred to as a ____.Answer
Selected Answer: 2. systems development life cycle
Question 56
1 out of 1 points
____ defines stiffer penalties for prosecution of terrorist crimes.Answer
Selected Answer: 3. USA Patriot Act
Question 57
1 out of 1 points
Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs.Answer
Selected Answer: 2. Incident response
Question 58
1 out of 1 points
____ was the first operating system to integrate security as its core functions.Answer
Selected Answer: 3. MULTICS
Question 59
1 out of 1 points
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes.Answer
Selected Answer: 2. marketing
Question 60
1 out of 1 points
____ is any technology that aids in gathering information about a person or organization without their knowledge.Answer
Selected Answer: 2. Spyware
Question 61
1 out of 1 points
The National Information Infrastructure Protection Act of 1996 modified which Act?Answer
Selected Answer: 2. Computer Fraud and Abuse Act
Question 62
1 out of 1 points
An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.Answer
Selected Answer: 3. All of the above
Question 63
1 out of 1 points
____ addresses are sometimes called electronic serial numbers or hardware addresses.Answer
Selected Answer: 1. MAC
Question 64
1 out of 1 points
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.Answer
Selected Answer: 1. system administrators
Question 65
1 out of 1 points
Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.Answer
Selected Answer: 4. security
Question 66
1 out of 1 points
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.Answer
Selected Answer: 4. confidential
Question 67
1 out of 1 points
One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.Answer
Selected Answer: 3. hacktivist
Question 68
1 out of 1 points
Management of classified data includes its storage and ____.Answer
Selected Answer: 2. All of the above
Question 69
1 out of 1 points
The ____ security policy is an executive-level document that outlines the organization’s approach and attitude towards information security and relates the strategic value of information security within the organization.Answer
Selected Answer: 1. general
Question 70
1 out of 1 points
Laws and policies and their associated penalties only deter if which of the following conditions is present?Answer
Selected Answer: 2. All of the above
Question 71
1 out of 1 points
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash.Answer
Selected Answer: 3. 256
Question 72
1 out of 1 points
According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.Answer
Selected Answer: 4. cyberterrorism
Question 73
1 out of 1 points
____ is the predecessor to the Internet.Answer
Selected Answer: 4. ARPANET
Question 74
1 out of 1 points
____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.Answer
Selected Answer: 2. Public
Question 75
1 out of 1 points
In a ____ attack, the attacker sends a large number of connection or information requests to a target.Answer
Selected Answer: 1. denial-of-service
Question 76
1 out of 1 points
____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.Answer
Selected Answer: 3. NSTISSI No. 4011
Question 77
1 out of 1 points
The Council of Europe adopted the Convention of Cybercrime in ____.Answer
Selected Answer: 3. 2001
Question 78
1 out of 1 points
The ____ model consists of six general phases.Answer
Selected Answer: 4. waterfall
Question 79
1 out of 1 points
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.Answer
Selected Answer: 4. CISO
Question 80
1 out of 1 points
Criminal or unethical ____ goes to the state of mind of the individual performing the act.Answer
Selected Answer: 4. intent
Question 81
1 out of 1 points
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.Answer
Selected Answer: 2. hash
Question 82
1 out of 1 points
Which of the following phases is the longest and most expensive phase of the systems development life cycle?Answer
Selected Answer: 4. maintenance and change
Question 83
1 out of 1 points
A(n) ____ attack is a hacker using a personal computer to break into a system.Answer
Selected Answer: 4. direct
Question 84
1 out of 1 points
A famous study entitled “Protection Analysis: Final Report” was published in ____.Answer
Selected Answer: 3. 1978
Question 85
1 out of 1 points
Risk ____ is the application of controls to reduce the risks to an organization’s data and information systems.Answer
Selected Answer: 1. control
Question 86
1 out of 1 points
Risk control is the application of controls to reduce the risks to an organization’s data and information systems.Answer
Selected Answer: 1. True
Question 87
1 out of 1 points
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.Answer
Selected Answer: 2. True
Question 88
0 out of 1 points
Once the organizational threats have been identified, an assets identification process is undertaken.Answer
Selected Answer: 2. True
Question 89
1 out of 1 points
Due care requires that an organization make a valid effort to protect others and continually maintain this level of effort.Answer
Selected Answer: 2. False
Question 90
0 out of 1 points
Eliminating a threat is an impossible proposition.Answer
Selected Answer: 1. True
Question 91
1 out of 1 points
Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.Answer
Selected Answer: 2. False
Question 92
1 out of 1 points
Network security focuses on the protection of the details of a particular operation or series of activities.Answer
Selected Answer: 2. False
Question 93
0 out of 1 points
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).Answer
Selected Answer: 1. True
Question 94
1 out of 1 points
The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, the resources.Answer
Selected Answer: 1. False
The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, the resources.Answer
Selected Answer: 1. False
Question 95
1 out of 1 points
The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.Answer
Selected Answer: 1. True
Question 96
0 out of 1 points
One problem with benchmarking is that there are many organizations that are identical.Answer
Selected Answer: 1. True
Question 97
1 out of 1 points
A worm requires that another program is running before it can begin functioning.Answer
Selected Answer: 1. False
Question 98
0 out of 1 points
Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people’s information systems.Answer
Selected Answer: 1. False
Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people’s information systems.Answer
Selected Answer: 1. False
Question 99
0 out of 1 points
Thirty-four countries have ratified the European Council Cyber-Crime Convention as of April 2010.Answer
Selected Answer: 2. True
Question 100
1 out of 1 points
The value of information comes from the characteristics it possesses.Answer
Selected Answer: 1. True
Question 101
1 out of 1 points
Information security safeguards the technology assets in use at the organization.Answer
Selected Answer: 1. True
Question 102
1 out of 1 points
A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.Answer
Selected Answer: 2. True
A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.Answer
Selected Answer: 2. True
Question 103
1 out of 1 points
Information security can be an absolute.Answer
Selected Answer: 2. False
Question 104
1 out of 1 points
Best business practices are often called recommended practices.Answer
Selected Answer: 1. True
Question 105
1 out of 1 points
When determining the relative importance of each asset, refer to the organization’s mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.Answer
Selected Answer: 2. True
Question 106
1 out of 1 points
“If you realize you do not know the enemy, you will gain an advantage in every battle." (Sun Tzu)Answer
Selected Answer: 2. False
“If you realize you do not know the enemy, you will gain an advantage in every battle." (Sun Tzu)Answer
Selected Answer: 2. False
Question 107
1 out of 1 points
The roles of information security professionals are aligned with the goals and mission of the information security community of interest.Answer
Selected Answer: 2. True
Question 108
0 out of 1 points
Information security managers and technicians are the creators of information.Answer
Selected Answer: 2. True
Question 109
1 out of 1 points
Studies have reported that the Pacific Rim countries of Singapore and Hong Kong are hotbeds of software piracy.Answer
Selected Answer: 1. True
Question 110
1 out of 1 points
An e-mail virus involves sending an e-mail message with a modified field.Answer
Selected Answer: 2. False
An e-mail virus involves sending an e-mail message with a modified field.Answer
Selected Answer: 2. False
Question 111
1 out of 1 points
You should adopt naming standards that do not convey information to potential system attackers.Answer
Selected Answer: 2. True
Question 112
1 out of 1 points
A champion is a project manager, who may be a departmental line manager or staff unit manager, and understands project management, personnel management, and information security technical requirements.Answer
Selected Answer: 1. False
Question 113
0 out of 1 points
DHS is made up of three directorates.Answer
Selected Answer: 2. True
Question 114
1 out of 1 points
The bottom-up approach to information security has a higher probability of success than the top-down approach.Answer
Selected Answer: 1. False
The bottom-up approach to information security has a higher probability of success than the top-down approach.Answer
Selected Answer: 1. False
Question 115
0 out of 1 points
The NSA is responsible for signal intelligence and information system security.Answer
Selected Answer: 1. False
Question 116
1 out of 1 points
DoS attacks cannot be launched against routers.Answer
Selected Answer: 2. False
Question 117
1 out of 1 points
A firewall is a mechanism that keeps certain kinds of network traffic out of a private network.Answer
Selected Answer: 2. True
Question 118
1 out of 1 points
The difference between a policy and a law is that ignorance of a law is an acceptable defense.Answer
Selected Answer: 1. False
The difference between a policy and a law is that ignorance of a law is an acceptable defense.Answer
Selected Answer: 1. False
Question 119
1 out of 1 points
Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.Answer
Selected Answer: 1. False
Question 120
0 out of 1 points
Protocols are activities performed within the organization to improve security.Answer
Selected Answer: 2. True
Question 121
1 out of 1 points
Some argue that it is virtually impossible to determine the true value of information and information-bearing assets.Answer
Selected Answer: 1. True
Question 122
1 out of 1 points
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.Answer
Selected Answer: 2. False
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.Answer
Selected Answer: 2. False
Question 123
1 out of 1 points
Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they are usually occur with very little warning and are beyond the control of people.Answer
Selected Answer: 1. True
Question 124
1 out of 1 points
Using a methodology increases the probability of success.Answer
Selected Answer: 1. True
Question 125
1 out of 1 points
Leaving unattended computers on is one of the top information security mistakes made by individuals.Answer
Selected Answer: 2. True
Question 126
1 out of 1 points
There are four general causes of unethical and illegal behavior.Answer
Selected Answer: 2. False
Question 127
1 out of 1 points
When a computer is the subject of an attack, it is the entity being attacked.Answer
Selected Answer: 2. False
Question 128
1 out of 1 points
The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.Answer
Selected Answer: 2. False
Question 129
0 out of 1 points
Know yourself means identifying, examining, and understanding the threats facing the organization.Answer
Selected Answer: 2. True
Question 130
1 out of 1 points
With electronic information is stolen, the crime is readily apparent.Answer
Selected Answer: 1. False
Question 131
1 out of 1 points
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.Answer
Selected Answer: 1. True
Question 132
1 out of 1 points
Cultural differences can make it easy to determine what is and is not ethical—especially when it comes to the use of computers.Answer
Selected Answer: 2. False
Question 133
0 out of 1 points
Every organization should have the collective will and budget to manage every threat by applying controls.Answer
Selected Answer: 2. True
Question 134
1 out of 1 points
A certificate authority should actually be categorized as a software security component.Answer
Selected Answer: 1. True
Question 135
1 out of 1 points
The Information Systems Security Association (ISSA) is a nonprofit society of information security professionals whose primary mission is to bring together qualified information security practitioners for information exchange and educational development.Answer
Selected Answer: 1. True
Question 136
0 out of 1 points
The amount of money spent to protect an asset is based in part on the value of the asset.Answer
Selected Answer: 2. False
Question 137
1 out of 1 points
Comprehensive means that an information asset should fit in only one category.Answer
Selected Answer: 1. False
Question 138
1 out of 1 points
A sniffer program shows all the data going by on a network segment including passwords, the data inside files—such as word-processing documents—and screens full of sensitive data from applications.Answer
Selected Answer: 2. True
Question 139
1 out of 1 points
A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms.Answer
Selected Answer: 2. True
Question 140
1 out of 1 points
Examples of exceptionally grave damage include armed hostilities against the United States or its allies and disruption of foreign relations vitally affecting the national security.Answer
Selected Answer: 1. True
Question 141
1 out of 1 points
Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality’s ethical behavior violates the ethics of another national group.Answer
Selected Answer: 1. True
Question 142
0 out of 1 points
A breach of possession always results in a breach of confidentiality.Answer
Selected Answer: 2. True
Question 143
1 out of 1 points
An act of theft performed by a hacker falls into the category of “theft,” but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of “forces of nature.”Answer
Selected Answer: 2. False
Question 144
1 out of 1 points
The Clipper Chip can be used to monitor or track private communications.Answer
Selected Answer: 1. True
Question 145
1 out of 1 points
With the removal of copyright protection, software can be easily distributed and installed.Answer
Selected Answer: 2. True
Question 146
0 out of 1 points
If every vulnerability identified in the organization is handled through mitigation, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.Answer
Selected Answer: 2. True
Question 147
1 out of 1 points
Organizations should communicate with system users throughout the development of the security program, letting them know that change are coming.Answer
Selected Answer: 2. True
Organizations should communicate with system users throughout the development of the security program, letting them know that change are coming.Answer
Selected Answer: 2. True
Question 148
1 out of 1 points
Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction.Answer
Selected Answer: 2. False
Question 149
1 out of 1 points
Organizations can use dictionaries to disallow passwords during the reset process and thus guard against easy-to-guess passwords.Answer
Selected Answer: 1. True
Question 150
1 out of 1 points
Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI’s Cleveland Field Office and local technology professionals.Answer