Firewall Test 1

security education
Within a SETA program, ____ is only available to some of the organization's employees.
A) security-related trinkets
B) security education
C) security training
D) security awareness programs
shoulder surfing
The threat of ____ involves a malicious individual observing another's password by watching the victim while they are performing system login activities.
A) packet monkeys
B) intellectual property
C) shoulder surfing
D) script kiddies
the Security Area Working Group
RFC 2196: Site Security Handbook is produced by ____.
A) the ISO
B) NIST
C) the Security Area Working Group
D) the Federal Agency Security Practices
denial-of-service (DoS)
In a ____ attack, the attacker sends a large number of connection or information requests to a target in an attempt to overwhelm its capacity and make it unavailable for legitimate users.
A) man-in-the-middle
B) sniffer
C) dictionary
D) denial-of-service (DoS)
McCumber Cube
The ____ is based on a model developed by the U.S. Committee on National Systems Security (CNSS).
A) TVA worksheet
B) C.I.A. triangle
C) McCumber Cube
D) man-in-the-middle attack
crisis management
Establishing a contact number or hot line is an aspect of ____ planning.
A) business continuity
B) incident response
C) attack
D) crisis management
threat
A(n) ____ is a category of object, person, or other entity that poses a potential risk of loss to an asset.
A) risk
B) exploit
C) threat
D) attack
SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans
The document ____ provides a systems developmental lifecycle approach to security assessment of information systems.
A) SP 800-53 A, Jul 2008: Guide for Assessing the Security Controls in Federal Information Systems: Building Effective Security Assessment Plans
B) SP 800-53 Rev. 3: Recommended Security Controls for Federal Information Systems and Organizations
C) SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy
D) SP 800-14: Generally Accepted Principles and Practices for Securing Information Technology Systems
technical specification SysSP
The ____ is created by a systems administrator to direct practices with many details.
A) EISP
B) ISSP
C) managerial guidance SysSP
D) technical specification SysSP
Spoofing
____ is a technique used to gain unauthorized access to computers, wherein the attacker assumes or simulates an address that indicates to the victim that the messages are coming from the address of a trusted host.
A) Sniffing
B) Spoofing
C) Spamming
D) DDoS
incident
A(n) ____ is an attack against an information asset that poses a clear threat to the confidentiality, integrity, or availability of information resources.
A) incident
B) disaster
C) crisis
D) recovery
indirect
A(n) ____ attack is when a system is compromised and used to attack other systems.
A) direct
B) indirect
C) object
D) subject
vulnerability
A(n) ____ is a weakness or fault in the mechanisms that are intended to protect information and information assets from attack or damage.
A) threat
B) exploit
C) vulnerability
D) risk
sphere of use
The ____ illustrates the ways in which people access information.
A) sphere of use
B) sphere of protection
C) working control
D) benchmark
security perimeter
A ____ attempts to protect internal systems from outside threats.
A) security perimeter
B) botnet
C) risk management strategy
D) buffer overflow
DR
The ____ plan typically focuses on restoring systems at the original site after disasters occur.
A) DR
B) IR
C) BC
D) BIA
custodian
A data ____ might be a specifically identified role or part of the duties of a systems administrator.
A) owner
B) custodian
C) manager
D) user
mission
The ____ of an organization is a written statement of its purpose.
A) mission
B) vision
C) strategy
D) policy
EISP
The ____ is an executive-level document, usually drafted by or at least in cooperation with the organization's chief information officer.
A) EISP
B) ISSP
C) managerial guidance SysSP
D) technical specification SysSP
False
Brute force attacks are often successful against systems that have adopted the usual security practices recommended by manufacturers.