
Chapters 1, 2, & 4

Attempting to reverse-calculate a password is called:

cracking

In what technique does an intruder gain unauthorized access to computers by sending messages with a source IP address that has been changed to indicate that the messages are coming from a trusted host?

Spoofing

The timing attack explores the contents of a web browser:

cache

In what type of attack does the attacker send a large number of connections or information requests to a target?

denial of service

An attempt to gain personal information or financial data, usually by posing as a legitimate entity, is called:

phishing

In what well-known attack does an attacker monitor (or sniff) packets from the network, modify them, and insert them back into the network?

man in the middle

Someone purchases a wireless access point for a home network but does not enable WEP security. This is an example of what design problem?

failure to protect network traffic

SSL is a standard used to:

securely transfer data such as in an online credit card transaction

In 1998, Microsoft encountered and acknowledged what type of problem with Internet Explorer 4.0?

Buffer overflow

What should the minimum length of a password be according to the author?

8 characters

A file that contains sensitive financial account information is an example of:

an asset

During the early years, information security was a straightforward process composed mostly of:

physical security

In the CIA triangle, what does the A stand for?

Availability

In the CNSS Security Model (The McCumber Cube) what three attributes represent the three information states?

Storage, Processing, Transmission

Information that is whole, complete, and uncorrupted has:

Integrity

The act of sending an email with a modified "from" address is called:

Spoofing

What enables authorized users, either persons or computer systems, to access information without interference or obstruction and to receive it in the required format?

Availability

What was significant about the Rand R-609?

It expanded the role of computer security to include data

When a computer is the target of an attack, it is defined as the:

Object

Which of the following is most often true?

The CISO reports to the CIO

ARPANET was the predecessor to:

Internet

A famous study entitled Protection Analysis: Final Report was published in:

1978

Which was the first operating system to integrate security as its core functions?

MULTICS

Which type of security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse?

Physical

What is a computer considered to be in an attack when it is used to conduct the attack?

Subject

Which characteristic of information is the quality or state of being genuine or original?

Authenticity

An information system consists of:

software, hardware, data, people, and procedures

What is the longest and most expensive phase of the systems development life cycle?

Maintenance and change

What are the phases of the systems development life cycle?

Investigation, Analysis, Logical Design, Physical Design, Implementation, Maintenance and Change

Part of the logical design phase of the Security Systems Development Life Cycle (SecSDLC) is planning for partial or catastrophic loss. What dictates what steps are taken when an attack occurs?

Incident response

Part of the logical design phase of the Security Systems Development Life Cycle (SecSDLC) is planning for partial or catastrophic loss. What dictates how business continues in the event of a loss?

Continuity Planning

Part of the logical design phase of the Security Systems Development Life Cycle (SecSDLC) is planning for partial or catastrophic loss. What dictates what must be done to recover information and vital systems immediately after a disastrous event?

Disaster recovery

Who is the individual primarily responsible for the assessment, management, and implementation of information security in the organization?

CISO

Among the greatest threats to an organization's assets are employees who:

Make mistakes

What are software programs that hide their true nature, and reveal their designed behavior only when activated?

Trojan horses

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus:

Hoaxes

Agreements with providers that protect against deviations in service levels are known as:

Service Legal Agreements (SLA)

What acts can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter?

Trespass

What form of online vandalism involves interfering with or disrupting systems to protest the operations, policies, or actions of an organization or government agency?

Hacktivist

Redirecting users to an illegitimate Web site is characteristic of:

Pharming

A brute force attack attempts to break a password by:

Trying all possible combinations of characters

What software security problem can arise when the input from a user is passed directly to a compiler or interpreter?

Command injection

What software security problem can arise when two programmers are making different changes to the same section of code at the same time?

Neglect of change control

The first phase of risk management is:

Risk identification

In the risk management process, what do many corporations use to help secure the confidentiality and integrity of information?

Data classification schemes

One appropriate way to identify hardware assets is by:

An asset's serial number

Management of classified data includes its storage, distribution, portability, and:

destruction

There are individuals who search trash and recycling to retrieve information that could embarrass a company or compromise information security using a process known as:

Dumpster diving

A TVA worksheet relates:

Threat, vulnerabilities and assets

Which control strategy attempts to prevent exploitation of a vulnerability?

Defend

What are the risk control strategies?

Defend, Transfer, Mitigate, Accept, Terminate

What type of mitigation plan guides activities after an incident by describing media backups, strategies to limit losses, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede?

Disaster recovery

The value of an asset multiplied by its exposure factor is the calculation for:

Single loss expectancy (SLE)

Security practices that are considered the best of the best are known as the:

Gold standard

The risk control strategy that is the same as a "do nothing" approach is:

Accept

The quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility is known as:

Risk appetite

A single loss exposure of a security threat is $100. The frequency of occurrence is once per month. What is the ARO?

1200 (100 X 12)

In the Cost Benefit Analysis formula, what is ACS?

The annual cost of safeguard

The Cost Benefit Analysis (CBA) formula is:

CBA = ALE(prior) - ALE(post) - ACS

ALE(prior): ALE from earlier assessments before the implementation of the proposed control
ALE(post): revised ALE, estimated based on the control being in place
