93 terms

final 1

The _________________________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.
Digital Millennium Copyright Act (DMCA)
Family law, commercial law, and labor law are all encompassed by ___________ law.
private
Guidelines that describe acceptable and unacceptable employee behaviors in the workplace are known as __________.
policies
The Secret Service is charged with the detection and arrest of any person committing a United States federal offense relating to computer fraud and false identification crimes.
true
Thirty-four countries have ratified the European Council Cyber-Crime Convention as of April 2010.
false
Laws and policies and their associated penalties only deter if which of the following conditions is present?
a) Fear of penalty
b) Probability of being caught
c) Probability of penalty being administered
d) All the above *
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ______.
by accident
Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?
Singapore
What is the subject of the Sarbanes-Oxley Act?
Financial Reporting
The ______ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
Security and Freedom through Encryption Act
________ attempts to prevent trade secrets from being illegally shared.
Economic Espionage Act
A(n) _______ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
FCO
The military uses a ____-level classification scheme.
five
In the U.S. military classification scheme, ______ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
confidential
________ is simply how often you expect a specific type of attack to occur.
ARO
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) __________.
CBA
A certificate authority should actually be categorized as a software security component.
True
Information security managers and technicians are the creators of information.
False
Leaving unattended computers on is one of the top information security mistakes made by individuals.
True
The ___________ security policy is a planning document that outlines the process of implementing security in the organization.
program
Policies are living documents that must be managed.
True
Technical controls are the tactical and technical implementations of security in the organization.
True
The ISSP sets out the requirements that must be met by the information security blueprint or framework.
False
Disaster recovery personnel must know their roles without supporting documentation.
True
A policy should state that if employees violate a company policy, or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.
False
A buffer against outside attacks is frequently referred to as a(n) _________.
DMZ
Incident damage _______ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
assessment
A ____ site provides only rudimentary services and facilities.
cold
The first phase in the development of the contingency planning process is the ___________.
BIA
___________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
Managerial
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ________.
WAP's
The application gateway is also known as a(n) ______.
application-level firewall
A ________ filtering firewall can react to an emergent event and update or create rules to deal with the event.
dynamic
In __________ mode, the data within an IP packet is encrypted, but the header information is not.
transport
A(n) ______ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of tunneling protocol and security procedures."
VPN
Kerberos _____________ provides tickets to clients who request services.
TGS
________ generates and issues session keys in Kerberos.
KDC
The dominant architecture used to secure network access today is the _______ firewall.
screened subnet
_____ is the protocol for handling TCP traffic through a proxy server.
SOCKS
The proxy server is often placed in an unsecured area of the network or is placed in the _____ zone.
demilitarized
The AES algorithm was the first public key encryption algorithm.
False
Julius Caesar was associated with an early version of the transposition cipher.
True
One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.
True
Hashing functions require the use of keys.
False
The application header protocol provides secrecy for the content of a network communication.
False
The permutation cipher simply rearranges the values within a block to create the ciphertext.
True
The most popular version of ____________ involves hiding information within files that contain digital pictures or other images.
steganography
________ is an integrated system of software, encryption, methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
PKI
______ are encrypted messages that can be mathematically proven to be authentic.
Digital signatures
The number of horizontal and vertical pixels captured and recorded is known as the image's _____.
resolution
SPS systems provide power conditioning.
False
There are very few qualified and professional agencies that provide physical security consulting and services.
False
Vibration sensors fall into the motion sensor category.
False
________ sprinklers are the newest form of sprinkler system and rely on ultra-fine mists instead of traditional shower-type systems.
Water mist
The thermal detection systems contain a sophisticated heat _________.
sensor
________ sensors project and detect an infrared beam across the area.
Photoelectric
Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) __________.
padding (plenum)
_______ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.
Tailgating
Electronic monitoring includes __________ systems.
closed-circuit television
A device that assures the delivery of electric power without interruption is a(n) _____.
UPS
One of the leading causes of damage to sensitive circuitry is ________.
ESD
Security in general is always safe from the outside world.
False
In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.
False
Planners need to estimate the effort required to complete each task, subtask, or action step.
True
The need for qualified, trained, and available personnel constrains the project plan.
True
The budgets of public organizations are usually the product of legislation or public meetings.
True
The first step in the WBS approach encompasses activities, but not deliverables.
False
The WBS can be prepared with a simple desktop PC word processing program.
False
The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete.
milestone
In the __________ process, measured results are compared to expected results.
negative feedback loop
Tasks or action steps that come after the task at hand are called _________.
successors
The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job training.
True
To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
True
_________ are often involved in national security and cyber-security tasks and move from those environments into the more business-oriented world of information security.
Military personnel
The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market.
CISSP
The _________ program focuses more on building trusted networks, including biometrics and PKI.
SCNA
Many information security professionals enter the field from traditional ________ assignments.
IT
___________ are the real techies who create and install security solutions.
Builders
_____ is a cornerstone in the protection of information assets and in the prevention of financial loss.
Separation of duties
_______ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Temporary employees
Organizations are not required by law to protect employee information that is sensitive or personal.
False
If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.
True
Digital forensics helps the organization understand what happened and how.
True
An effective security program demands comprehensive and continuous understanding of program and system configuration.
False
Documentation procedures are not required for configuration and change management processes.
False
External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.
True
Over time, external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use.
True
The characteristics concerned with manufacturer and software versions are about technical functionality, and they should be kept highly accurate and up-to-date.
True
An intranet scan starts with an Internet search engine.
False
All telephone numbers controlled by an organization should be tested for modem vulnerability, unless the configuration of the phone equipment on premises can assure that no number can be dialed from the worldwide telephone system.
False
Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.
True
In some instances, risk is acknowledged as being part of an organization's business process.
True
Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.
True