
Final Exam Review Questions Funds of Security

Mar 06, 2015

IDK
Page 1: Final Exam Review Questions Funds of Security

Question 1 (Marks: 1)

Corrective action decisions are usually expressed in terms of trade-offs.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 2 (Marks: 1)

Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality’s ethical behavior violates the ethics of another national group.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 3 (Marks: 1)

Laws and policies and their associated penalties only deter if which of the following conditions is present?

Choose one answer.

a. Fear of penalty 

b. Probability of being caught 

c. Probability of penalty being administered 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 4 (Marks: 1)

Privacy is not absolute freedom from observation, but rather is a more precise “state of being free from unsanctioned intrusion.”

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 5 (Marks: 1)

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.

Choose one answer.

a. NIDPSs 

b. HIDPSs 

c. AppIDPSs 

d. SIDPSs 

Correct. Marks for this submission: 1/1.

Question 6 (Marks: 1)

The ____ layer of the bulls-eye model receives attention last.

Choose one answer.

a. Policies 

b. Networks 

c. Systems 

d. Applications 

Correct. Marks for this submission: 1/1.

Question 7 (Marks: 1)

Ethics define socially acceptable behaviors.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 8 (Marks: 1)

Enticement is the action of luring an individual into committing a crime to get a conviction.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 9 (Marks: 1)

System Administration, Networking, and Security Organization is better known as ____.

Choose one answer.

a. SANO 

b. SAN 

c. SANS 

d. SANSO 

Correct. Marks for this submission: 1/1.

Question 10 (Marks: 1)

Criminal or unethical ____ goes to the state of mind of the individual performing the act.

Choose one answer.

a. attitude 

b. intent 

c. accident 

d. ignorance 

Correct. Marks for this submission: 1/1.

Question 11 (Marks: 1)

A(n) capability table specifies which subjects and objects users or groups can access.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 12 (Marks: 1)

Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 13 (Marks: 1)

A cybernetic loop ensures that progress is measured periodically.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 14 (Marks: 1)

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?

Choose one answer.

a. Electronic Communications Privacy Act 

b. Financial Services Modernization Act 

c. Sarbanes-Oxley Act 

d. Economic Espionage Act 

Correct. Marks for this submission: 1/1.

Question 15 (Marks: 1)

A maintenance model such as the ISO model deals with methods to manage and operate systems.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 16 (Marks: 1)

Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses?

Choose one answer.

a. Electronic Communications Privacy Act of 1986 

b. Freedom of Information Act (FOIA) 

c. Computer Fraud and Abuse Act 

d. Federal Privacy Act of 1974 

Correct. Marks for this submission: 1/1.

Question 17 (Marks: 1)

Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 18 (Marks: 1)

There are ____ common vulnerability assessment processes.

Choose one answer.

a. two 

b. three 

c. four 

d. five 

Correct. Marks for this submission: 1/1.

Question 19 (Marks: 1)

Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 20 (Marks: 1)

A padded cell is a hardened honeynet.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 21 (Marks: 1)

A computer is the ____ of an attack when it is used to conduct the attack.

Choose one answer.

a. subject 

b. object 

c. target 

d. facilitator 

Correct. Marks for this submission: 1/1.

Question 22 (Marks: 1)

Administrators provide the policies, guidelines and standards in the Schwartz, Erwin, Weafer, and Briney classification.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 23 (Marks: 1)

Carbon dioxide systems rob fire of its oxygen.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 24 (Marks: 1)

The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.

Choose one answer.

a. DES 

b. RSA 

c. MAC 

d. AES 

Correct. Marks for this submission: 1/1.

Question 25 (Marks: 1)

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 26 (Marks: 1)

____ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Choose one answer.

a. Temporary employees 

b. Consultants 

c. Contractors 

d. Self-employees 

Correct. Marks for this submission: 1/1.

Question 27 (Marks: 1)

____ are encrypted messages that can be mathematically proven to be authentic.

Choose one answer.

a. Digital signatures 

b. MAC 

c. Message certificates 

d. Message digests 

Correct. Marks for this submission: 1/1.

Question 28 (Marks: 1)

A(n) ____ IDPS is focused on protecting network information assets.

Choose one answer.

a. network-based 

b. host-based 

c. application-based 

d. server-based 

Correct. Marks for this submission: 1/1.

Question 29 (Marks: 1)

In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.

Choose one answer.

a. loop 

b. direct 

c. parallel 

d. pilot 

Correct. Marks for this submission: 1/1.

Question 30 (Marks: 1)

____ involves a wide variety of computing sites that are distant from the base organizational facility and includes all forms of telecommuting.

Choose one answer.

a. Remote site computing 

b. Telecommuting 

c. Remote working 

d. Hot site computing 

Correct. Marks for this submission: 1/1.

Question 31 (Marks: 1)

All of the existing certifications are fully understood by hiring organizations.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 32 (Marks: 1)

NIST documents can assist in the design of a security framework.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 33 (Marks: 1)

A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

Choose one answer.

a. denial-of-service 

b. distributed denial-of-service 

c. virus 

d. spam 

Correct. Marks for this submission: 1/1.

Question 34 (Marks: 1)

Which of the following phases is the longest and most expensive phase of the systems development life cycle?

Choose one answer.

a. investigation 

b. logical design 

c. implementation 

d. maintenance and change 

Correct. Marks for this submission: 1/1.

Question 35 (Marks: 1)

A breach of possession always results in a breach of confidentiality.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 36 (Marks: 1)

A(n) exposure factor is the expected percentage of loss that would occur from a particular attack.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 37 (Marks: 1)

An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.

Choose one answer.

a. software 

b. hardware 

c. data 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 38 (Marks: 1)

A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 39 (Marks: 1)

There are generally two skill levels among hackers: expert and ____.

Choose one answer.

a. novice 

b. journeyman 

c. packet monkey 

d. professional 

Correct. Marks for this submission: 1/1.

Question 40 (Marks: 1)

Address grants prohibit packets with certain addresses or partial addresses from passing through the device.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 41 (Marks: 1)

A buffer against outside attacks is frequently referred to as a(n) ____.

Choose one answer.

a. proxy server 

b. no-man’s land 

c. DMZ 

d. firewall 

Correct. Marks for this submission: 1/1.

Question 42 (Marks: 1)

Information security can be an absolute.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 43 (Marks: 1)

Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 44 (Marks: 1)

Guards can evaluate each situation as it arises and make reasoned responses.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 45 (Marks: 1)

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. 

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 46 (Marks: 1)

ISACA stands for Information Systems Automation and Control Association.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 47 (Marks: 1)

Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs.

Choose one answer.

a. passive 

b. active 

c. reactive 

d. dynamic 

Correct. Marks for this submission: 1/1.

Question 48 (Marks: 1)

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

Choose one answer.

a. avoidance of risk 

b. transference 

c. mitigation 

d. accept control 

Correct. Marks for this submission: 1/1.

Question 49 (Marks: 1)

The ____ program focuses more on building trusted networks, including biometrics and PKI.

Choose one answer.

a. NFC 

b. SCNP 

c. PKI 

d. SCNA 

Correct. Marks for this submission: 1/1.

Question 50 (Marks: 1)

CERTs stands for computer emergency recovery teams.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 51 (Marks: 1)

A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.

Choose one answer.

a. signature 

b. MAC 

c. fingerprint 

d. digest 

Correct. Marks for this submission: 1/1.

Question 52 (Marks: 1)

A VPN allows a user to use the Internet into a private network.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 53 (Marks: 1)

The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.

Choose one answer.

a. direct changeover 

b. wrap-up 

c. phased implementation 

d. pilot implementation 

Correct. Marks for this submission: 1/1.

Question 54 (Marks: 1)

Digital forensics helps the organization understand what happened and how.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 55 (Marks: 1)

Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.

Choose one answer.

a. security 

b. reliability 

c. accessibility 

d. availability 

Correct. Marks for this submission: 1/1.

Question 56 (Marks: 1)

Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes, performing all the day-to-day work.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 57 (Marks: 1)

Deterrence can prevent an illegal or unethical activity from occurring.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 58 (Marks: 1)

A service bureau is an agency that provides a service for a fee.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 59 (Marks: 1)

Each CISSP concentration exam consists of 25 to 50 questions.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 60 (Marks: 1)

Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI’s Cleveland Field Office and local technology professionals.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 61 (Marks: 1)

In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.

Choose one answer.

a. UDPs 

b. MACs 

c. WANs 

d. WAPs 

Correct. Marks for this submission: 1/1.

Question 62 (Marks: 1)

A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 63 (Marks: 1)

The primary mailing list, called simply ____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.

Choose one answer.

a. Bug 

b. Bugfix 

c. Buglist 

d. Bugtraq 

Correct. Marks for this submission: 1/1.

Question 64 (Marks: 1)

First generation firewalls are application-level firewalls.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 65 (Marks: 1)

The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.

Choose one answer.

a. Customer 

b. Health Insurance 

c. Computer 

d. Telecommunications 

Correct. Marks for this submission: 1/1.

Question 66 (Marks: 1)

UN-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 67 (Marks: 1)

Attackers may conduct an encrypted-plaintext attack by sending potential victims a specific text that they are sure the victims will forward on to others.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 68 (Marks: 1)

Most information security projects require a trained project CEO.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 69 (Marks: 1)

A(n) man-in-the-middle attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 70 (Marks: 1)

Cold detectors measure rates of change in the ambient temperature in the room.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 71 (Marks: 1)

The ____ mailing list includes announcements and discussion of an open-source IDPS.

Choose one answer.

a. Nmap-hackers 

b. Packet Storm 

c. Security Focus 

d. Snort-sigs 

Correct. Marks for this submission: 1/1.

Question 72 (Marks: 1)

In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time.

Choose one answer.

a. fixed temperature 

b. permanent temperature 

c. fixed rate 

d. rate-of-rise 

Correct. Marks for this submission: 1/1.

Question 73 (Marks: 1)

The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.

Choose one answer.

a. defense 

b. assessment 

c. security 

d. information 

Correct. Marks for this submission: 1/1.

Question 74 (Marks: 1)

A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 75 (Marks: 1)

All liquid systems are designed to apply liquid, usually water, to all areas in which a fire has been detected.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 76 (Marks: 1)

More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions.

Choose one answer.

a. multialphabetic 

b. monoalphabetic 

c. polyalphabetic 

d. polynomic 

Correct. Marks for this submission: 1/1.

Question 77 (Marks: 1)

The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.

Choose one answer.

a. Bug/CERT 

b. Bugtraq/CERT 

c. CC/CERT 

d. CERT/CC 

Correct. Marks for this submission: 1/1.

Question 78 (Marks: 1)

What is the subject of the Sarbanes-Oxley Act?

Choose one answer.

a. Banking 

b. Financial Reporting 

c. Privacy 

d. Trade secrets 

Correct. Marks for this submission: 1/1.

Question 79 (Marks: 1)

Many information security professionals enter the field from traditional ____ assignments.

Choose one answer.

a. HR 

b. BA 

c. IT 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 80 (Marks: 1)

A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 81 (Marks: 1)

The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.

Choose one answer.

a. CIO 

b. CISCO 

c. CISO 

d. end users 

Correct. Marks for this submission: 1/1.

Question 82 (Marks: 1)

____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.

Choose one answer.

a. Hash 

b. Map 

c. Key 

d. Encryption 

Correct. Marks for this submission: 1/1.

Question 83 (Marks: 1)

Electronic monitoring includes ____ systems.

Choose one answer.

a. blocked video 

b. local video 

c. open-circuit television 

d. closed-circuit television 

Correct. Marks for this submission: 1/1.

Question 84 (Marks: 1)

A mail bomb is a form of DoS.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 85 (Marks: 1)

A certificate authority should actually be categorized as a software security component.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 86 (Marks: 1)

In many organizations, information security teams lack established roles and responsibilities.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 87 (Marks: 1)

A(n) distinguished name uniquely identifies a certificate entity, to a user’s public key.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 88 (Marks: 1)

Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____.

Choose one answer.

a. SSL 

b. SLA 

c. MSL 

d. MIN 

Correct. Marks for this submission: 1/1.

Question 89 (Marks: 1)

All systems that are mission critical should be enrolled in PSV measurement.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 90 (Marks: 1)

The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.

Choose one answer.

a. intermediate step 

b. resource 

c. milestone 

d. deliverable 

Correct. Marks for this submission: 1/1.

Question 91 (Marks: 1)

The most sophisticated locks are ____ locks.

Choose one answer.

a. manual 

b. programmable 

c. electronic 

d. biometric 

Correct. Marks for this submission: 1/1.

Question 92 (Marks: 1)

A(n) perimeter is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 93 (Marks: 1)

An alert ____ is a document containing contact information for the people to be notified in the event of an incident.

Choose one answer.

a. message 

b. roster 

c. plan 

d. list 

Correct. Marks for this submission: 1/1.

Question 94 (Marks: 1)

The ____ involves collecting information about an organization’s objectives, its technical architecture, and its information security environment.

Choose one answer.

a. SISC 

b. SecSDLC 

c. DLC 

d. SIDLC 

Correct. Marks for this submission: 1/1.

Question 95 (Marks: 1)

A(n) ____ is a statement of the boundaries of the RA.

Choose one answer.

a. scope 

b. disclaimer 

c. footer 

d. head 

Correct. Marks for this submission: 1/1.

Question 96 (Marks: 1)

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 97 (Marks: 1)

GIAC stands for Global Information Architecture Certification.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 98 (Marks: 1)

A(n) ____ is “a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.”

Choose one answer.

a. SVPN 

b. VPN 

c. SESAME 

d. KERBES 

Correct. Marks for this submission: 1/1.

Question 99 (Marks: 1)

Firewalls fall into ____ major processing-mode categories.

Choose one answer.

a. two 

b. three 

c. four 

d. five 

Correct. Marks for this submission: 1/1.

Question 100 (Marks: 1)

The most successful kind of top-down approach involves a formal development strategy referred to as a ____.

Choose one answer.

a. systems design 

b. development life project 

c. systems development life cycle 

d. systems schema 

Correct. Marks for this submission: 1/1.

Question 101 (Marks: 1)

UPS devices typically run up to ____ VA.

Choose one answer.

a. 100 

b. 250 

c. 500 

d. 1,000 

Correct. Marks for this submission: 1/1.

Question 102 (Marks: 1)

Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) ____.

Choose one answer.

a. kneespace 

b. attic 

c. plenum 

d. padding 

Correct. Marks for this submission: 1/1.

Question 103 (Marks: 1)

Smoke detection systems are perhaps the most common means of detecting a potentially dangerous fire, and they are required by building codes in most residential dwellings and commercial buildings.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 104 (Marks: 1)

Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

Choose one answer.

a. benefit 

b. appetite 

c. acceptance 

d. avoidance 

Correct. Marks for this submission: 1/1.

Question 105 (Marks: 1)

Which of the following is an example of a Trojan horse program?

Choose one answer.

a. Netsky 

b. MyDoom 

c. Klez 

d. Happy99.exe 

Correct. Marks for this submission: 1/1.

Question 106 (Marks: 1)

A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 107 (Marks: 1)

A study of information security positions, done by Schwartz, Erwin, Weafer, and Briney, found that positions can be classified into one of ____ areas.

Choose one answer.

a. two 

b. three 

c. four 

d. five 

Correct. Marks for this submission: 1/1.

Question 108 (Marks: 1)

DMZ is the primary way to secure an organization’s networks.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 109 (Marks: 1)

Program-specific policies address the specific implementations or applications of which users should be aware.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 110 (Marks: 1)

The military uses a _____-level classification scheme.

Choose one answer.

a. three 

b. four 

c. five 

d. six 

Correct. Marks for this submission: 1/1.

Question 111 (Marks: 1)

The Lewin change model consists of ____.

Choose one answer.

a. unfreezing 

b. moving 

c. refreezing 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 112 (Marks: 1)

A sniffer program shows all the data going by on a network segment including passwords, the data inside files—such as word-processing documents—and screens full of sensitive data from applications.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 113 (Marks: 1)

Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.

Choose one answer.

a. assessment 

b. evaluation 

c. recovery 

d. plan 

Correct. Marks for this submission: 1/1.

Question 114 (Marks: 1)

Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 115 (Marks: 1)

People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.

Choose one answer.

a. security policy developers 

b. security professionals 

c. system administrators 

d. end users 

Correct. Marks for this submission: 1/1.

Question 116 (Marks: 1)

A HIDPS can monitor systems logs for predefined events.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 117 (Marks: 1)

Technical controls are the tactical and technical implementations of security in the organization.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 118 (Marks: 1)

An effective information security governance program requires constant change.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 119 (Marks: 1)

Many corporations use a ____ to help secure the confidentiality and integrity of information.

Choose one answer.

a. system classification scheme 

b. data restoration scheme 

c. data hierarchy 

d. data classification scheme 

Correct. Marks for this submission: 1/1.

Question 120 (Marks: 1)

Intellectual property is defined as “the ownership of ideas and control over the tangible or virtual representation of those ideas.”

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 121 (Marks: 1)

A cold site provides many of the same services and options of a hot site.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 122 (Marks: 1)

ISO 27001 Information Security Handbook: A Guide for Managers provides managerial guidance for the establishment and implementation of an information security program.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 123 (Marks: 1)

The first phase of risk management is ____.

Choose one answer.

a. risk identification 

b. design 

c. risk control 

d. risk evaluation 

Correct. Marks for this submission: 1/1.

Question 124 (Marks: 1)

Telnet protocol packets usually go to TCP port ____.

Choose one answer.

a. 7 

b. 8 

c. 14 

d. 23 

Correct. Marks for this submission: 1/1.

Question 125 (Marks: 1)

The applicant for the CISM must provide evidence of ____ years of professional work experience in the field of information security, with a waiver or substitution of up to two years for education or previous certification.

Choose one answer.

a. five 

b. eight 

c. ten 

d. twelve 

Correct. Marks for this submission: 1/1.

Question 126 (Marks: 1)

Access control is achieved by means of a combination of policies, programs, and technologies.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 127 (Marks: 1)

A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 128. Marks: 1

____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.

Choose one answer.

a. Drones 

b. Helpers 

c. Zombies 

d. Servants 

Correct. Marks for this submission: 1/1.

Question 129. Marks: 1

Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____.

Choose one answer.

a. DMZ 

b. SDLC 

c. WBS 

d. JAD 

Correct. Marks for this submission: 1/1.

Question 130. Marks: 1

Privacy Enhanced Mail was proposed by the Internet Engineering Task Force and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 131. Marks: 1

Complete loss of power for a moment is known as a ____.

Choose one answer.

a. sag 

b. fault 

c. brownout 

d. blackout 

Correct. Marks for this submission: 1/1.

Question 132. Marks: 1

The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

Choose one answer.

a. Violence 

b. Fraud 

c. Theft 

d. Usage 

Correct. Marks for this submission: 1/1.

Question 133. Marks: 1

The restrictions most commonly implemented in packet-filtering firewalls are based on ____.

Choose one answer.

a. IP source and destination address 

b. Direction (inbound or outbound) 

c. TCP or UDP source and destination port requests 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 134. Marks: 1

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 135. Marks: 1

A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 136. Marks: 1

____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.

Choose one answer.

a. Crowdsurfing 

b. Tailgating 

c. Freeloading 

d. Hitchhiking 

Correct. Marks for this submission: 1/1.

Question 137. Marks: 1

Effective management includes planning and ____.

Choose one answer.

a. organizing 

b. leading 

c. controlling 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 138. Marks: 1

The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.

Choose one answer.

a. Sarbanes-Oxley Act 

b. Gramm-Leach-Bliley Act 

c. U.S.A. Patriot Act 

d. Security and Freedom through Encryption Act 

Correct. Marks for this submission: 1/1.

Question 139. Marks: 1

A starting scanner is one that initiates traffic on the network in order to determine security holes.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 140. Marks: 1

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 141. Marks: 1

One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

Choose one answer.

a. hacktivist 

b. phvist 

c. hackcyber 

d. cyberhack 

Correct. Marks for this submission: 1/1.

Question 142. Marks: 1

Every organization needs to develop an information security department or program of its own.

Answer:

True  False 

Incorrect. Marks for this submission: 0/1.

Question 143. Marks: 1

Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.

Answer:

True False

Incorrect. Marks for this submission: 0/1.

Question 144. Marks: 1

The ____ position is typically considered the top information security officer in the organization.

Choose one answer.

a. CISO 

b. CFO 

c. CTO 

d. CEO 

Correct. Marks for this submission: 1/1.

Question 145. Marks: 1

CBAs cannot be calculated after controls have been functioning for a time.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 146. Marks: 1

Which of the following is a valid type of data ownership?

Choose one answer.

a. Data owners 

b. Data custodians 

c. Data users 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 147. Marks: 1

The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

Choose one answer.

a. Standard HTTP 

b. SFTP 

c. S-HTTP 

d. SSL Record Protocol 

Correct. Marks for this submission: 1/1.

Question 148. Marks: 1

The model used often by large organizations places the information security department within the ____ department.

Choose one answer.

a. management 

b. information technology 

c. financial 

d. production 

Correct. Marks for this submission: 1/1.

Question 149. Marks: 1

The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.

Choose one answer.

a. CRL 

b. RA 

c. MAC 

d. AES 

Incorrect. Marks for this submission: 0/1.

Question 150. Marks: 1

The application gateway is also known as a(n) ____.

Choose one answer.

a. application-level firewall 

b. client firewall 

c. proxy firewall 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 151. Marks: 1

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base.

Choose one answer.

a. fingernails 

b. fingerprints 

c. signatures 

d. footprints 

Correct. Marks for this submission: 1/1.

Question 152. Marks: 1

A(n) ____ is a proposed systems user.

Choose one answer.

a. authenticator 

b. challenger 

c. supplicant 

d. activator 

Incorrect. Marks for this submission: 0/1.

Question 153. Marks: 1

Which of the following ports is commonly used for the HTTP protocol?

Choose one answer.

a. 20 

b. 25 

c. 53 

d. 80 

Correct. Marks for this submission: 1/1.

Question 154. Marks: 1

The ____ model consists of six general phases.

Choose one answer.

a. pitfall 

b. 5SA&D 

c. waterfall 

d. SysSP 

Correct. Marks for this submission: 1/1.

Question 155. Marks: 1

Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 156. Marks: 1

Civil law addresses activities and conduct harmful to society and is actively enforced by the state.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 157. Marks: 1

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 158. Marks: 1

ALE determines whether or not a particular control alternative is worth its cost.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 159. Marks: 1

____ are software programs that hide their true nature, and reveal their designed behavior only when activated.

Choose one answer.

a. Viruses 

b. Worms 

c. Spam 

d. Trojan horses 

Correct. Marks for this submission: 1/1.

Question 160. Marks: 1

A wet-pipe system is usually considered appropriate in computer rooms.

Answer:

True  False 

Incorrect. Marks for this submission: 0/1.

Question 161. Marks: 1

The ____ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization.

Choose one answer.

a. ASP 

b. ISP 

c. SVP 

d. PSV 

Correct. Marks for this submission: 1/1.

Question 162. Marks: 1

HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 163. Marks: 1

A(n) registration authority issues, manages, authenticates, signs, and revokes users’ digital certificates, which typically contain the user name, public key, and other identifying information.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 164. Marks: 1

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 165. Marks: 1

Grounding ensures that the returning flow of current is properly discharged to the ground.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 166. Marks: 1

A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee’s actions.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 167. Marks: 1

As an alternative view of the way data flows into the monitoring process, a(n) ____ approach may prove useful.

Choose one answer.

a. DTD 

b. DFD 

c. Schema 

d. ERP 

Correct. Marks for this submission: 1/1.

Question 168. Marks: 1

In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 169. Marks: 1

Security ____ are the areas of trust within which users can freely communicate.

Choose one answer.

a. perimeters 

b. domains 

c. rectangles 

d. layers 

Correct. Marks for this submission: 1/1.

Question 170. Marks: 1

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

Choose one answer.

a. Trace and treat 

b. Trap and trace 

c. Treat and trap 

d. Trace and clip 

Correct. Marks for this submission: 1/1.

Question 171. Marks: 1

Hash algorithms are public functions that create a hash value by converting variable-length messages into a single fixed-length value.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 172. Marks: 1

Traces, formally known as ICMP Echo requests, are used by internal systems administrators to ensure that clients and servers can communicate.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 173. Marks: 1

A famous study entitled “Protection Analysis: Final Report” was published in ____.

Choose one answer.

a. 1868 

b. 1978 

c. 1988 

d. 1998 

Correct. Marks for this submission: 1/1.

Question 174. Marks: 1

In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters.

Choose one answer.

a. line-interactive 

b. ferroresonant 

c. true online 

d. offline 

Correct. Marks for this submission: 1/1.

Question 175. Marks: 1

A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

Choose one answer.

a. IP 

b. FCO 

c. CTO 

d. HTTP 

Correct. Marks for this submission: 1/1.

Question 176. Marks: 1

Information security should be visible to the users.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 177. Marks: 1

SHA-1 produces a(n) _____-bit message digest, which can then be used as an input to a digital signature algorithm.

Choose one answer.

a. 48 

b. 56 

c. 160 

d. 256 

Correct. Marks for this submission: 1/1.

Question 178. Marks: 1

In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.

Choose one answer.

a. confidential 

b. secret 

c. top secret 

d. sensitive 

Correct. Marks for this submission: 1/1.

Question 179. Marks: 1

A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 180. Marks: 1

Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 181. Marks: 1

Every state has implemented uniform laws and regulations placed on organizational use of computer technology.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 182. Marks: 1

According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.

Choose one answer.

a. infoterrorism 

b. cyberterrorism 

c. hacking 

d. cracking 

Correct. Marks for this submission: 1/1.

Question 183. Marks: 1

Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.

Choose one answer.

a. firewalls 

b. proxy servers 

c. access controls 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 184. Marks: 1

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 185. Marks: 1

A variation of the dry-pipe system is the pre-action system, which has a two-phase response to a fire.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 186. Marks: 1

One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment.

Choose one answer.

a. baseline 

b. difference analysis 

c. differential 

d. revision 

Correct. Marks for this submission: 1/1.

Question 187. Marks: 1

A(n) ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan.

Choose one answer.

a. RFP 

b. WBS 

c. SDLC 

d. CBA 

Correct. Marks for this submission: 1/1.

Question 188. Marks: 1

A common form of mechanical locks are electric strike locks, which (usually) require people to announce themselves before being “buzzed” through a locked door.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 189. Marks: 1

ISA Server can use ____ technology.

Choose one answer.

a. PNP 

b. Point to Point Tunneling Protocol 

c. RAS 

d. All of the above 

Correct. Marks for this submission: 1/1.

Question 190. Marks: 1

The concept of competitive ____ refers to falling behind the competition.

Choose one answer.

a. disadvantage 

b. drawback 

c. failure 

d. shortcoming 

Correct. Marks for this submission: 1/1.

Question 191. Marks: 1

DES uses a 64-bit key.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 192. Marks: 1

A fully distributed IDPS control strategy is the opposite of the centralized strategy.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 193. Marks: 1

Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 194. Marks: 1

In ____ mode, the data within an IP packet is encrypted, but the header information is not.

Choose one answer.

a. tunnel 

b. transport 

c. public 

d. symmetric 

Correct. Marks for this submission: 1/1.

Question 195. Marks: 1

Static filtering is common in network routers and gateways.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 196. Marks: 1

Each organization has to determine its own project management methodology for IT and information security projects.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 197. Marks: 1

Policies are written instructions for accomplishing a specific task.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 198. Marks: 1

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.

Answer:

True  False 

Correct. Marks for this submission: 1/1.

Question 199. Marks: 1

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____.

Choose one answer.

a. filtering 

b. doorknob rattling 

c. footprinting 

d. fingerprinting 

Correct. Marks for this submission: 1/1.

Question 200. Marks: 1

Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability.

Answer:

True  False 

Correct. Marks for this submission: 1/1.