CIS 280 Final

Network Security
Managerial Controls
Cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
Economic Espionage Act
Attempts to prevent trade secrets from being illegally shared.
Physical Design Phase
Specific technologies are selected to support the alternatives identified and evaluated in the logical design.
Can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
USA Patriot Act
Defines stiffer penalties for the prosecution of terrorist crimes.
Trojan Horse
Hides its true nature and only reveals its designated behavior when activated.
Security and Freedom Through Encryption Act
(1999) Provides guidance on the use of encryption and protection from government intervention.
Operational Feasibility Analysis
Examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
Standard of Due Care
Shows an organization has done what any prudent organization would do in similar circumstances.
Management of Classified Data
Storage, Distribution, Portability, and Destruction.
Alert Roster
Document containing contact information for people to be notified in the event of an incident.
Technology that aids in gathering information about a person or organization without their knowledge.
Data file that contains the hashed representation of user's passwords.
Computer Security Act
Establishes minimum acceptable security practices for federal systems that contain classified data.
Physical Security
Addresses issues necessary to protect tangible items, objects, or areas of an organization from unauthorized access and misuse.
By Accident
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage _____
Risk Control
Application of controls to reduce the risks to an organization's data and information systems.
Financial Services Modernization Act
Also widely known as the Gramm-Leach-Bliley Act.
Security _____ are the areas of trust within which users can freely communicate.
risk identification
The first phase of risk management is ______
All of the above
Which of the following functions does information security perform for an organization?
In a ____ attack, the attacker sends a large number of connection or information requests to a target.
dumpster diving
There are individuals who search trash and recycling - a practice known as ____ - to retrieve information that could embarrass a company or compromise information security.
distributed denial-of-service
A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
____ controls address personal security, and the protection of production inputs and outputs.
The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
transfer control
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Electronic Communications Privacy Act
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
Health Insurance
The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
system administrators
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
Incident response
Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs.
All of the above
Which of the following is a valid type of data ownership?
All of the above
An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes.
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.
A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
All of the above
Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
Computer Fraud and Abuse Act
Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses?
____ of information is the quality or state of being genuine or original.
systems development life cycle
The most successful kind of top-down approach involves a formal development strategy referred to as a ____.
A buffer against outside attacks is frequently referred to as a(n) ____.
Computer Fraud and Abuse Act
The National Information Infrastructure Protection Act of 1996 modified which Act?
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
defend control
The ____ strategy attempts to prevent the exploitation of the vulnerability.
NSTISSI No. 4011
____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
accept control
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.
to harass
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.
maintenance and change
Which of the following phases is the longest and most expensive phase of the systems development life cycle?
privilege attribute certificate (PAC)
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.
A ____ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures."
All of the above
Among all possible biometrics, ____ are considered truly unique.
____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
The ____ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.
____ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
The most sophisticated locks are ____ locks.
A ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan.
In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time.
packet sniffer
A(n) ____ is a network tool that collects copies of packets from the network and analyzes them.
Firewalls fall into ____ major processing-mode categories.
The ____ involves collecting information about an organization's objectives, its technical architecture, and its information security environment.
rating and filtering
In most common implementation models, the content filter has two components: ____.
phased implementation
A ____ is usually the best approach to security project implementation.
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.
A ____ is a proposed systems user.
process of change
By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.
IDPS researchers have used padded cell and honeypot systems since the late ____.
Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
____ inspection firewalls keep track of each network connection between internal and external systems.
screened subnet
The dominant architecture used to secure network access today is the ____ firewall.
Digital signatures should be created using processes and products that are based on the ____.
A ____ IDPS is focused on protecting network information assets.
Computing and other electrical equipment in areas where water can accumulate must be uniquely grounded, using ____ equipment.
Contact and weight
____ sensors work when two contacts are connected as, for example, when a foot steps on a pressure-sensitive pad under a rug, or a window being opened triggers a pin-and-spring sensor.
Water mist
____ sprinklers are the newest form of sprinkler systems and rely on ultra-fine mists instead of traditional shower-type systems.
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base.
The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.
The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.
____ generates and issues session keys in Kerberos.
In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters.
In a ____ attack, the attacker eavesdrops during the victim's session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information.
A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption.
end-of-fiscal-year spend-a-thons
Public organizations often have "____" to spend all their remaining funds before the end of the fiscal year.
DES uses a ____-bit block size.
All of the above
Which of the following is a valid version of TACACS?
Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs.
____ is the entire range of values that can possibly be used to construct an individual key.
IP source and destination address, Direction, TCP or UDP source and destination port.
The restrictions most commonly implemented in packet-filtering firewalls are based on ____.
In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.
The ____ layer of the bull's-eye model receives attention last.
____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.
Tasks or action steps that come after the task at hand are called ____.
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.
A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
Work Factor
____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
negative feedback loop
In the ____ process, measured results are compared to expected results.
The ____ is an intermediate area between a trusted network and an untrusted network.
SSL Record Protocol
The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.
The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.
____ is the protocol for handling TCP traffic through a proxy server.
____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.
A ____ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air.
The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.
____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
Alarm Filtering
____ is the process of classifying IDPS alerts so that they can be more effectively managed.
____ is a simple planning tool.
application-level firewall
The application gateway is also known as a(n) ____.
____ locks can be changed after they are put in service, allowing for combination or key changes without a locksmith and even allowing the owner to change to another access method (key or combination) to upgrade security.
Trap and trace
____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs.
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions.