CIS377 Quiz

The quiz questions and answers given in the final review study guide.
What is the primary objective of the physical design phase of the SecSDLC?
To select specific technologies to support the information security blueprint.
What type of firewall examines every incoming packet header and can selectively filter packets based on header information, such as destination address, source address, packet address, packet type, and other key information?
Packet Filtering.
Which type of firewall allows the firewall to react to an emergent event and update or create rules to deal with the event?
What is the commonly used name for an intermediate area between a trusted network and an untrusted network?
Demilitarized zone (DMZ).
What is the system most often used to authenticate the credentials of users who are trying to access an organization's network via a dial-up connection?
In which mode of IPsec is the data within an IP packet encrypted, while the header information is not?
Transport mode.
__________ are decoy systems designed to lure potential attackers away from critical systems.
Honey Pot.
A(n) _________ is a network tool that collects copies of packets from the network and analyzes them.
Packet Sniffer.
True or False: Encryption is a process of hiding information and has been in use for a long time.
True or False: Julius Caesar was associated with an early version of the substitution cipher.
________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.
The science of encryption is known as _________.
________ is the process of making and using codes to secure the transmission of information.
True or False: Two hundred and eighty five computers could crack a 56-bit key in one year, whereas 10 times as many could do it in a little over a month.
_______ is the entire range of values that can possibly be used to construct an individual key.
The ________ algorithm was the first public-key encryption algorithm developed (in 1977) and published for commercial use.
_______ is a hybrid cryptosystem originally designed in 1991 by Phil Zimmermann.
In a(n) _______ attack, the attacker eavesdrops during the victim's session and uses statistical analysis of the user's typing patterns and inter-keystroke timings to discern sensitive session information.
______ security addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization.
______ management is responsible for the security of the facility in which the organization is housed and the policies and standards for secure operation.
_______ management and professionals are responsible for environmental and access security in technology equipment locations and for the policies and standards of secure equipment operation.
Information Technology.
_______ management and professionals perform risk assessments and implementation reviews for the physical security controls implemented by other groups.
Information Security.
A _____ facility is a physical location that has been engineered with controls designed to minimize the risk of attacks from physical threats.
Finger, palm, and hand readers; iris and retina scanners; and voice and signature readers are examples of ______ locks.
To record events within a specific area that guards and dogs might miss, or to record events in areas where other types of physical controls are not practical, is called ________.
Electronic Monitoring.
The ______ plan delivers instructions to the individuals who are executing the implementation phase.
Using complex project management tools often results in ______, which is a common pitfall of IT and information security projects.
A(n) ________ is a completed document or program module that can serve either as the beginning point for a later task or as an element in the finished project.
The project plan should describe the skill set or individual person (often called a(n) ______ ) needed to accomplish the task.
A(n) _______ is a specific point in the project plan when a task and its action steps are complete and have a noticeable impact on the progress of the project plan as a whole.
Once a project is underway, it is managed to completion using a process known as a(n) _______ feedback loop or a cybernetic loop, which ensures that progress is measured periodically.
Deploying a system by running the new methods alongside the old methods for a period of time is called _________.
Parallel Implementation.
The most common approach of deploying systems that involves rolling out a piece of the system is called _________.
Phased Implementation.
A deployment method called _________ involves implementing all functions in a single part of the organization and resolving issues within that group before expanding to the rest of the organization.
Pilot Implementation.
Technology _______ is a complex process that an organization uses to manage the impacts and costs caused by technology implementation, innovation, and obsolescence.
The information security group can also use the _______ control process to ensure that essential process steps that ensure confidentiality, integrity, and availability are followed as systems are upgraded across the organization.
During the analysis phases, a(n) _______ feasibility study should have been conducted that addressed the impact of the changes necessary for implementation.
Where should organizations place the information security organization?
Where it best balances the need for compliance with the need for service.
The _______ is one of two certifications offered by the International Information Systems Security Certification Consortium (ISC)².
The _______ certifications require the applicant to complete a written practical assignment.
A ______ can determine the level of trust the business places in the individual.
Background Check.
Once a candidate has accepted the job offer, the employment ______ becomes an important security instrument.
To heighten information security awareness and change workplace behavior, organizations should incorporate information security components into employee _______.
Job descriptions, training sessions, and performance evaluations.
_______ employees are typically hired, usually under arrangements with another company, to perform specific services for the organization.