5 Written Questions
5 Matching Questions
- Security and Freedom through Encryption Act
- (distribution, portability, destruction)
ALL OF THE ABOVE
- a The _____ security policy is a planning document that outlines the process of implementing security in the organization.
- b A buffer against outside attacks is frequently referred to as a(n) _____.
- c Management of classified data includes its storage and _____.
- d The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
- e The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the _____ plan.
5 Multiple Choice Questions
- The stated purpose of _____ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization."
- One form of online vandalism is _____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
- _____ firewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model.
- _____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.
- ICMP uses port _____ to request a response to a query and can be the first indicator of a malicious attack.
5 True/False Questions
(United States, Germany, Japan)
NONE OF THE ABOVE → What country adopted ISO/IEC 177799?
denial-of-service → In a _____ attack, the attacker sends a large number of connection or information requests to a target.
assessment → Incident damage _____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
standard of due care → When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) _____.
to harass → According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except _____.