5 Written questions
5 Matching questions
- NSTISSI No. 4011
- a _____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.
- b A buffer against outside attacks is frequently referred to as a(n) _____.
- c The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) _____.
- d Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than _____ characters in Internet Explorer 4.0, the browser will crash.
- e ICMP uses port _____ to request a response to a query and can be the first indicator of a malicious attack.
5 Multiple choice questions
- Criminal or unethical _____ goes to the state of mind of the individual performing the act.
- The National Information Infrastructure Protection Act of 1996 modified which Act?
- _____ is the predecessor to the Internet.
- Risk _____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
- Incident damage _____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
5 True/False questions
ISO/IEC 27002 → Standards may be published, scrutinized, and ratified by a group, as in formal or _____ standards.
denial-of-service → In a _____ attack, the attacker sends a large number of connection or information requests to a target.
to harass → As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus _____.
cold → A(n) _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
general → The _____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.