final 1

93 terms by deaconroyal 


The _________________________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.

Digital Millennium Copyright Act (DMCA)

Family law, commercial law, and labor law are all encompassed by ___________ law.

private

Guidelines that describe acceptable and unacceptable employee behaviors in the workplace are known as __________.

policies

The Secret Service is charged with the detection and arrest of any person committing a United States federal offense relating to computer fraud and false identification crimes.

true

Thirty-four countries have ratified the European Council Cyber-Crime Convention as of April 2010.

false

Laws and policies and their associated penalties only deter if which of the following conditions is present?

a) Fear of penalty

b) Probability of being caught

c) Probability of penalty being administered

d) All the above *

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ______.

by accident

Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?

Singapore

What is the subject of the Sarbanes-Oxley Act?

Financial Reporting

The ______ of 1999 provides guidance on the use of encryption and provides protection from government intervention.

Security and Freedom through Encryption Act

________ attempts to prevent trade secrets from being illegally shared.

Economic Espionage Act

A(n) _______ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

The military uses a ____-level classification scheme.

five

In the U.S. military classification scheme, ______ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.

confidential

________ is simply how often you expect a specific type of attack to occur.

ARO

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) __________.

CBA

A certificate authority should actually be categorized as a software security component.

True

Information security managers and technicians are the creators of information.

False

Leaving unattended computers on is one of the top information security mistakes made by individuals.

True

The ___________ security policy is a planning document that outlines the process of implementing security in the organization.

program

Policies are living documents that must be managed.

True

Technical controls are the tactical and technical implementations of security in the organization.

True

The ISSP sets out the requirements that must be met by the information security blueprint or framework.

False

Disaster recovery personnel must know their roles without supporting documentation.

True

A policy should state that if employees violate a company policy, or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.

False

A buffer against outside attacks is frequently referred to as a(n) _________.

DMZ

Incident damage _______ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.

assessment

A ____ site provides only rudimentary services and facilities.

cold

The first phase in the development of the contingency planning process is the ___________.

BIA

___________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Managerial

In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ________.

WAP's

The application gateway is also known as a(n) ______.

application-level firewall

A ________ filtering firewall can react to an emergent event and update or create rules to deal with the event.

dynamic

In __________ mode, the data within an IP packet is encrypted, but the header information is not.

transport

A(n) ________ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of tunneling protocol and security procedures."

VPN

Kerberos _____________ provides tickets to clients who request services.

TGS

________ generates and issues session keys in Kerberos.

KDC

The dominant architecture used to secure network access today is the _______ firewall.

screened subnet

_____ is the protocol for handling TCP traffic through a proxy server.

SOCKS

The proxy server is often placed in an unsecured area of the network or is placed in the _____ zone.

demilitarized

The AES algorithm was the first public key encryption algorithm.

False

Julius Caesar was associated with an early version of the transposition cipher.

True

One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.

True

Hashing functions require the use of keys.

False

The application header protocol provides secrecy for the content of a network communication.

False

The permutation cipher simply rearranges the values within a block to create the ciphertext.

True

The most popular version of ____________ involves hiding information within files that contain digital pictures or other images.

steganography

________ is an integrated system of software, encryption, methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.

PKI

______ are encrypted messages that can be mathematically proven to be authentic.

Digital signatures

The number of horizontal and vertical pixels captured and recorded is known as the image's _____.

resolution

SPS systems provide power conditioning.

False

There are very few qualified and professional agencies that provide physical security consulting and services.

False

Vibration sensors fall into the motion sensor category.

False

________ sprinklers are the newest form of sprinkler system and rely on ultra-fine mists instead of traditional shower-type systems.

Water mist

The thermal detection systems contain a sophisticated heat _________.

sensor

________ sensors project and detect an infrared beam across the area.

Photoelectric

Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) __________.

padding (plenum)

_______ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.

Tailgating

Electronic monitoring includes __________ systems.

closed-circuit television

A device that assures the delivery of electric power without interruption is a(n) _____.

UPS

One of the leading causes of damage to sensitive circuitry is ________.

ESD

Security in general is always safe from the outside world.

False

In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.

False

Planners need to estimate the effort required to complete each task, subtask, or action step.

True

The need for qualified, trained, and available personnel constrains the project plan.

True

The budgets of public organizations are usually the product of legislation or public meetings.

True

The first step in the WBS approach encompasses activities, but not deliverables.

False

The WBS can be prepared with a simple desktop PC word processing program.

False

The date for sending the final RFP to vendors is considered a(n) ________, because it signals that all RFP preparation work is complete.

milestone

In the __________ process, measured results are compared to expected results.

negative feedback loop

Tasks or action steps that come after the task at hand are called _________.

successors

The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job training.

True

To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.

True

_________ are often involved in national security and cyber-security tasks and move from those environments into the more business-oriented world of information security.

Military personnel

The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market.

CISSP

The _________ program focuses more on building trusted networks, including biometrics and PKI.

SCNA

Many information security professionals enter the field from traditional ________ assignments.

IT

___________ are the real techies who create and install security solutions.

Builders

_____ is a cornerstone in the protection of information assets and in the prevention of financial loss.

Separation of duties

_______ are hired by the organization to serve in a temporary position or to supplement the existing workforce.

Temporary employees

Organizations are not required by law to protect employee information that is sensitive or personal.

False

If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.

True

Digital forensics helps the organization understand what happened and how.

True

An effective security program demands comprehensive and continuous understanding of program and system configuration.

False

Documentation procedures are not required for configuration and change management processes.

False

External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.

True

Over time, external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use.

True

The characteristics concerned with manufacturer and software versions are about technical functionality, and they should be kept highly accurate and up-to-date.

True

An intranet scan starts with an Internet search engine.

False

All telephone numbers controlled by an organization should be tested for modem vulnerability, unless the configuration of the phone equipment on premises can assure that no number can be dialed from the worldwide telephone system.

False

Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.

True

In some instances, risk is acknowledged as being part of an organization's business process.

True

Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.

True
