Advertisement Upgrade to remove ads

Chapters 1-6 Principles of Information Security 4th Ed.

ARPANET

_____ is the predecessor to the Internet.

MULTICS

_____ was the first operating system to integrate security as its core functions.

Physical

_____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.

hash

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a _____ value.

NSTISSI No. 4011

_____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.

(software, hardware, data)
D. ALL OF THE ABOVE

An information system is the entire set of _____, people, procedures, and networks that make possible the use of information resources in the organization.

SDLC

The _____ is a methodology for the design and implementation of an information system in an organization.

waterfall

The _____ model consists of six general phases.

physical design

During the _____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.

maintenance and change

Which of the following phases is the longest and most expensive phase of the systems development life cycle?

Incident response

Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. _____ dictates what steps are taken when an attack occurs.

(Data owners, Data custodians, Data users)
ALL OF THE ABOVE

Which of the following is a valid type of data ownership?

system administrators

People with the primary responsibility for administering the systems that house the information used by the organization perform the _____ role.

PKI

_____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.

Trojan horses

_____ are software programs that hide their true nature, and reveal their designed behavior only when activated.

hoaxes

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus _____.

SLA

Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) _____.

novice

There are generally two skill levels among hackers: expert and _____.

hacktivist

One form of online vandalism is _____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

cyberterrorism

According to Mark Pollitt, _____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents.

SAM

The _____ data file contains the hashed representation of the user's password.

denial-of-service

In a _____ attack, the attacker sends a large number of connection or information requests to a target.

distributed denial-of-service

A _____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

man-in-the-middle

In the well-known _____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the networks.

TCP

The _____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.

social engineering

"4-1-9" fraud is an example of a _____ attack.

256

Microsoft acknowledged that if you type a res://URL (a Microsoft-devised type of URL) which is longer than _____ characters in Internet Explorer 4.0, the browser will crash.

Civil

_____ law comprises a wide variety of laws that govern a nation or state.

Public

_____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.

Fraud

The Computer _____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

to harass

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except _____.

Computer Fraud and Abuse Act

The National Information Infrastructure Protection Act of 1996 modified which Act?

Health Insurance

The _____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.

Electronic Communications Privacy Act

Which of the following acts is a collection of statues that regulate the interception of wire, electronic, and oral communications?

Financial Services Modernization Act

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act

Federal Agency Information Security

What is the subject of the Computer Security Act?

Computer Fraud and Abuse Act

Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses?

USA Patriot Act

_____ defines stiffer penalties for prosecution of terrorists crimes.

Economic Espionage Act

_____ attempts to prevent trade secrets from being illegally shared.

Security and Freedom through Encryption Act

The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.

2001

The Council of Europe adopted the Convention of Cybercrime in _____.

Singapore

Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?

by accident

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage _____.

intent

Criminal or unethical _____ goes to the state of mind of the individual performing the act.

(Fear of penalty; Probability of being caught; Probability of penalty being administered)
ALL OF THE ABOVE

Laws and policies and their associated penalties only deter if which of the following conditions is present?

disadvantage

The concept of competitive _____ refers to falling behind the competition.

risk identification

The first phase of risk management is _____.

MAC

_____ addresses are sometimes called electronic serial numbers or hardware addresses.

data classification scheme

Many corporations use a _____ to help secure the confidentiality and integrity of information.

FCO

A(n) _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

(distribution, portability, destruction)
ALL OF THE ABOVE

Management of classified data includes its storage and _____.

dumpster diving

There are individuals who search trash and recycling - a practice known as _____ - to retrieve information that could embarrass a company or compromise information security.

Risk

_____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.

general

The _____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.

program

The _____ security policy is a planning document that outlines the process of implementing security in the organization.

defend control

The _____ strategy attempts to prevent the exploitation of the vulnerability.

transfer control

The _____ strategy attempts to shift risk to other assets, other processes, or other organizations.

IR

The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the _____ plan.

DR

_____ plans usually include all preparations fro the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.

accept control

The _____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

CBA

The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) _____.

ARO

_____ is simply how often you expect a specific type of attack to occur.

standard of due care

When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) _____.

Operational

_____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

appetite

Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

vision

Strategic planning is the process of moving the organization towards its _____.

de jure

Standards may be published, scrutinized, and ratified by a group, as in formal or _____ standards.

EISP

The _____ is based on directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

SysSPs

_____ often function as standards or procedures to be used when configuring or maintaining systems.

framework

A security _____ is an outline of the overall information security strategy for the organization and roadmap for planned

ISO/IEC 27002

The stated purpose of _____ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization."

(United States, Germany, Japan)
NONE OF THE ABOVE

What country adopted ISO/IEC 177799?

(organizing, leading, controlling)
ALL OF THE ABOVE

Effective management includes planning and _____.

(firewalls, proxy servers, access controls)
ALL OF THE ABOVE

Redundancy can be implemented at a number of points throughout the security architecture, such as in _____.

Operational

_____ controls address personnel security, physical security, and the protection of production inputs and outputs.

domains

Security _____are the areas of trust within which users can freely communicate.

DMZ

A buffer against outside attacks is frequently referred to as a(n) _____.

Network

_____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.

CISO

The SETA program is the responsibility of the _____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.

IR

A(n) _____ plan deals with the identification, classification, response, and recovery from an incident.

roster

An alert _____ is a document containing contact information for the people to be notified in the event of an incident.

assessment

Incident damage _____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.

cold

A _____ site provides only rudimentary services and facilities.

electronic vaulting

The transfer of large batches of data to an off-site facility is called _____.

five

Firewalls fall into _____ major processing-mode categories.

Packet-filtering

_____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.

(IP source and destination address; Direction (inbound or outbound); TCP or UDP source and destination port requests)
ALL OF THE ABOVE

The restrictions most commonly implemented in packet-filtering firewalls are based on _____.

dynamic

A _____ filtering firewall can react to an emergent event and update or create rules to deal with the event.

Stateful

_____ inspection firewalls keep track of each network connection between internal and external systems.

DMZ

The _____ is an intermediate area between a trusted network and an untrusted network.

MAC layer

_____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.

screened subnet

The dominant architecture used to secure network access today is the _____ firewall.

SOCKS

_____ is the protocol for handling TCP traffic through a proxy server.

7

ICMP uses port _____ to request a response to a query and can be the first indicator of a malicious attack.

rating and filtering

In most common implementation models, the content filter has two components: _____

RADIUS

_____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.

KDC

_____ generates and issues session keys in Kerberos.

TGS

Kerberos _____ provides tickets to clients who request services.

VPN

A(n) _____ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures."

transport

In _____ mode, the data within an IP packet is encrypted, but the header information is not.

Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions above and try again

Example:

Reload the page to try again!

Reload

Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

NEW! Voice Recording

Create Set