#1 – #10 edited Combo – CIS 525 – CyberSecurity – McMurtrey – Study for Final Exam – Flashcards
question
The likelihood that something bad happens to an asset is
answer
Risk
question
This defines how a business gets back on its feet after a major disaster like a hurricane
answer
Disaster Recovery Plan (DRP)
question
Gives priorities to the functions an organization needs to keep going
answer
Business Continuity Plan
question
Connecting your computers or devices to the ---- immediately exposes them to attack
answer
internet
question
Software vendors must protect themselves from liabilities of their own vulnerabilities with a
answer
End-User License Agreement (
question
This represents the fourth layer of defense for a typical IT infrastructure
answer
LAN - to - WAN Domain
question
The goal and objective of a --- is to provide a consistent definition for how an organization should handle and secure different types of data
answer
data classification standard
question
The requirement to keep information private or secret is the definition of
answer
...
question
The tunnel can be created between a remote workstation using the public internet and VPN router and a --- web site
answer
(SSL - VPN)
question
A --- is a weakness that allows a threat to be realized
answer
vulnerability
question
The weakest link in the security of an IT infrastructure is the user
answer
True
question
This appliance examines IP data streams for common attack and malicious intent patterns
answer
(IDS)
question
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place?
answer
Federal Information Security Management Act
question
What name is given to an exterior network that acts as a buffer zone between the public internet and the organization's IT?
answer
demilitarized zone
question
What term is used to describe guarding information from everyone except those who have rights to it?
answer
confidentiality
question
Which of the following describes the Family Educational Rights and Privacy Act?
answer
a law that protects the private data of students
question
A _____ is any action that could damage an asset that can be natural and or human induced
answer
threat
question
_______ means only authorized users can change information and deals with the validity and accuracy of data.
answer
integrity
question
E-commerce changed how businesses sell, and the --- changed how they market
answer
...
question
Medical practices and hospitals realized early on that ________ provide(s) the ability to provide access to the necessary information without having to invest in many computers and network infrastructure
answer
mobile devices
question
Network devices can implement ___________ to better support VoIP and SIP IP packets and reduce dropped calls and delays.
answer
traffic prioritization
question
Security controls do not need to be implemented to secure VoIP and SIP on LANs and WANs.
answer
false
question
The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
answer
true
question
The total number of errors divided by the total number of bits transmitted is the definition of
answer
bit error rate
question
Voice and unified communications are --- applications that use 64-byte IP packets
answer
Session Initiation Protocol (SIP)
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity
question
The software in a phone system that performs the call switching from an inbound trunk to a phone extension
answer
call control
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
asynchronous transfer mode (ATM)
question
What name is given to a software-based application like WebEx that supports audio conferencing and sharing of documents (text, spreadsheets, presentations, etc.) for real-time discussions with team members or colleagues?
answer
collaboration
question
What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system?
answer
Denial of Service (DoS)
question
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
answer
frame relay
question
What term is used to describe a strategy that uses a device to provide electrical power for IP phones from the RJ-45 8-pin jacks directly to the workstation outlet?
answer
power over Ethernet (PoE)
question
What term is used to describe communication that doesn't happen in real time but rather consists of messages that are stored on a server and downloaded to endpoint devices?
answer
store-and-forward communications
question
What term is used to describe streamlining processes with automation or simplified steps?
answer
business process engineering
question
--- is the basis for unified communication and is the protocol used by real-time applications such as IM chat, conferencing and collaboration
answer
Session Initiation Protocol (SIP)
question
A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
answer
true
question
A _________ has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. They represent the greatest threat to networks and information resources.
answer
cracker
question
A ___________ is a software program that performs one of two functions: brute-force password attack to gain unauthorized access to a system, or recovery of passwords stored in a computer system.
answer
password cracker
question
A --- is a tool used to scan IP host devices for open ports that have been enabled
answer
port scanner
question
A protocol analyzer or --- is a software program that enables a computer to monitor and capture network traffic
answer
packet sniffer
question
In a ________, the attacker sends a large number of packets requesting connections to the victim computer
answer
SYN flood
question
Malicious software can be hidden in a
answer
...
question
Spoofing means a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
answer
true
question
A program or dedicated hardware device that inspects network traffic passing through it
answer
firewall
question
An attack that seeks to obtain personal or private financial information through domain spoofing
answer
pharming
question
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
answer
promiscuous mode
question
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised
answer
rootkit
question
What term is used to describe an attack in which the attacker gets between two parties and intercepts messages before transferring them on to their intended destination?
answer
man-in-the-middle attack
question
When an attacker discovers a __________, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.
answer
backdoor
question
A network utility program that reads from and writes to network connections.
answer
netcat
question
Wiretapping is an application incorporating known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.
answer
false
question
______ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
answer
Brute-force password attack
question
____ is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
answer
Hijacking
question
A ___________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.
answer
business impact analysis (BIA)
question
Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
answer
false
question
Risks apply to specific assets. If you multiply the risk __________ by the cost of the asset, the result is the exposure to a specific risk.
answer
probability
question
Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE = Resource Value x EF
answer
true
question
The first step in risk analysis is to determine what and where the organization's --- are located
answer
assets
question
The formal process of monitoring and controlling risk focuses on --- new risks.
answer
analyzing
question
The goal of --- is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high impact risks and develop plans based on risks
answer
quantitative risk analysis
question
The recovery point objective (RPO) identifies the amount of ---- that is acceptable
answer
data loss
question
The term risk management describes the process of identifying, assessing, prioritizing and addressing risks
answer
true
question
What is meant by annual rate of occurrence (ARO)?
answer
The annual probability that a stated threat will be realized.
question
What is meant by risk register?
answer
A list of identified risks that results from the risk-identification process
question
What is the Project Management Body of Knowledge?
answer
A collection of the knowledge and best practices of the project management profession
question
What is the difference between a BCP and a DRP?
answer
...
question
What name is given to any risk that exists but has a defined response?
answer
residual risk
question
When you accept a --- you take no further steps to resolve
answer
negative risk
question
A risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them.
answer
...
question
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
answer
security gap
question
--- is rapidly becoming an increasingly important aspect of enterprise computing
answer
disaster recovery
question
A communication protocol that is connectionless and is popular for exchanging small amounts of data or messages is called ---
answer
User Datagram Protocol (UDP)
question
A method of restricting resource access to specific periods of time is called ---
answer
temporal isolation
question
An organization's facilities manager is often responsible for ---
answer
Physical Access Control
question
Biometrics is another --- method for identifying subjects
answer
access control
question
A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.
answer
decentralized access control
question
Mandatory access control (MAC) is a means of restricting access to an object based on the object's classification and the user's security clearance.
answer
true
question
The Bell-LaPadula access control model focuses primarily on ---
answer
confidentiality of data and control of access to classified information
question
The --- is the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems
answer
security kernel
question
What is meant by constrained user interface?
answer
Software that allows users to enter only specific information.
question
What name is given to an access control method that bases access control approvals on the jobs the user is assigned?
answer
role-based access control
question
What term is used to describe a device used as a logon authenticator for remote users of a network?
answer
synchronous token
question
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
answer
asynchronous token?
question
Which of the following is an accurate description of cloud computing?
answer
The practice of using computing services that are delivered over a network.
question
Which of the following is not a type of authentication?
answer
...
question
Which of the following is the definition of access control?
answer
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
question
A ---- is an authentication credential that is generally longer and more complex than a password
answer
passphrase
question
---- is an authorization method in which access to resources is decided by the user's formal status.
answer
Authority-level policy
question
---- is the process of dividing up tasks into a series of unique activities
answer
Separation of duties
question
A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization's policies.
answer
True
question
A security awareness program includes
answer
...
question
A way to protect your organization from personnel-related security violations is to use job rotation.
answer
true
question
An organization must comply with rules on two levels: regulatory compliance and organizational compliance.
answer
true
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security --- and awareness program
answer
training
question
Enacting changes in response to reported problems is called
answer
reactive change management
question
For all the technical solutions you can devise to secure your systems, the --- remains your greatest challenge.
answer
human element
question
Initiating changes to avoid expected problems is the definition of proactive change management
answer
true
question
One of the most popular types of attacks on computer systems involves ---. These attacks deceive or use people to get around security controls.
answer
Social engineering
question
The --- team's responsibilities include handling events that affect your computers and networks and ultimately can respond rapidly and effectively to any event.
answer
security administration
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ...
answer
emergency operations group
question
The term remediation refers to fixing something before it is broken, defective, or vulnerable.
answer
true
question
The technical evaluation of a system to provide assurance that you have implemented the system correctly
answer
certification
question
A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
answer
standard
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
answer
agile development
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products?
answer
baseline
question
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
answer
procedure
question
When an information security breach occurs in your organization, a --- helps determine what happened to the system and when.
answer
Security event log
question
Which of the following is the definition of guideline?
answer
A recommendation to purchase or how to use a product or system
question
Which of the following is the definition of system owner?
answer
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question
A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
answer
Layer 3 switch
question
Today, people working in cyberspace must deal with new and constantly evolving ________.
answer
threats
question
The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.
answer
security
question
A ___________ gives priorities to the functions an organization needs to keep going.
answer
business continuity plan (BCP)
question
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
answer
Recovery time objective (RTO)
question
____________ is the practice of hiding data and keeping it away from unauthorized users.
answer
Cryptography
question
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
answer
disaster recovery plan (DRP)
question
What is meant by call control?
answer
The software in a phone system that performs the call switching from an inbound trunk to a phone extension.
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
answer
asymmetric digital subscriber line (ADSL)
question
The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.
answer
bit error rate
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
answer
voice
question
Loss of financial assets due to ________ is a worst-case scenario for all organizations.
answer
malicious attacks
question
A __________ tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess.
answer
black-hat hacker
question
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.
answer
operating system (OS)
question
_______ is the proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage.
answer
Exposure factor (EF)
question
What is the Project Management Body of Knowledge (PMBOK)?
answer
A collection of the knowledge and best practices of the project management profession.
question
Which of the following best describes quantitative risk analysis?
answer
A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.
question
Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.
answer
compliance
question
Which of the following describes an asynchronous token?
answer
An authentication token used to process challenge-response authentication with a server. It takes the server's challenge value and calculates a response. The user enters the response to authenticate a connection.
question
________ is used to describe a property that indicates that a specific subject needs access to a specific object. This is necessary to access the object in addition to possessing the proper clearance for the object's classification.
answer
Need-to-know
question
Which of the following is the definition of access control?
answer
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
question
Which of the following adequately defines continuous authentication?
answer
An authentication method in which a user is authenticated at multiple times or event intervals.
question
A mechanism that limits access to computer systems and network resources is ________.
answer
logical access control
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system?
answer
certifier
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
Clean desk/clear screen policy
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules? A. baseline B. waterfall model C. agile development D. sprint
answer
C
question
What is meant by authorizing official (AO)? A. An individual to enact changes in response to reported problems. B. The process of managing changes to computer/device configuration or application software. C. A senior manager who reviews a certification report and makes the decision to approve the system for implementation. D. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
answer
C
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products? A. configuration control B. functional policy C. baseline D. authorizing official (AO)
answer
C
question
What is meant by certification? A. The formal acceptance by the authorizing official of the risk of implementing the system. B. A strategy to minimize risk by rotating employees between various systems or duties. C. The technical evaluation of a system to provide assurance that you have implemented the system correctly. D. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
answer
C
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system? A. remediation B. certifier C. compliance liaison D. system owners
answer
D
question
________ is the process of managing changes to computer/device configuration or application software. A. Sprint B. Procedure control C. Change control D. Proactive change management
answer
C
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation. A. Procedure management B. Emergency operations policy C. Clean desk/clear screen policy D. Security administration policy
answer
C
question
The process of managing the baseline settings of a system device is called ________. A. guideline B. baseline C. configuration control D. sprint
answer
C
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________. A. emergency operations group B. security event team C. guideline control D. security administration
answer
A
question
Which of the following is the definition of guideline? A. A method of developing software that is based on small project iterations, or sprints, instead of long project schedules. B. Recorded information from system events that describes security-related activity. C. A recommendation to purchase or how to use a product or system. D. A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
answer
C
question
Which of the following is the definition of anomaly-based IDS? A. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. B. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. C. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. D. Using tools to determine the layout and services running on an organization's systems and networks.
answer
B
question
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________. A. controls B. management C. standards D. plan
answer
C
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today. A. configuration B. controls C. monitoring D. settings
answer
B
question
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle. A. audit B. security C. benchmark D. monitoring
answer
...
question
It's essential to match your organization's required __________ with its security structure. A. monitoring B. permission level C. operating system D. recommendations
answer
B
question
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures. A. applications B. mitigation activities C. configurations D. recommendations
answer
C
question
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization. A. Penetration testing B. Real-time monitoring C. An audit D. Vulnerability testing
answer
C
question
Audits are necessary because of ________. A. potential liability B. negligence C. mandatory regulatory compliance D. all of the above
answer
D
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies. A. Real-time monitoring B. Gray-box testing C. SAS 70 D. White-box testing
answer
...
question
The ___________ framework defines the scope and contents of three levels of audit reports. A. Service Organization Control (SOC) B. permission-level C. real-time monitoring D. zone transfer
answer
A
question
How your organization responds to risk reflects the value it puts on its ___________. A. environment B. assets C. technology D. vulnerability
answer
B
question
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost. A. risk B. control C. event D. response
answer
A
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________. A. critical business function B. disaster plan C. business continuity plan D. risk management plan
answer
C
question
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization. A. Backup B. Incident C. Risk D. Preventive control
answer
C
question
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. A. threat B. impact C. risk D. vulnerability
answer
D
question
___________ refers to the amount of harm a threat can cause by exploiting a vulnerability. A. Impact B. Threat C. Risk D. Incident
answer
A
question
An attacker or event that might exploit a vulnerability is a(n) ____________. A. incident B. threat source C. cost D. Hacker
answer
B
question
A(n) ________ is an intent and method to exploit a vulnerability. A. impact B. incident C. threat source D. safeguard
answer
...
question
A threat source can be a situation or method that might accidentally trigger a(n) ____________. A. event B. incident C. vulnerability D. control
answer
C
question
A(n) ________ is a measurable occurrence that has an impact on the business. A. corrective control B. event C. cost D. critical business function
answer
B
question
Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________. A. security B. privacy C. nonrepudiation D. reliability
answer
C
question
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely? A. hash B. key distribution C. asymmetric key cryptography D. symmetric key cryptography
answer
...
question
The number of possible keys to a cipher is a ___________. A. checksum B. cryptosystem C. keyspace D. key directory
answer
...
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________. A. decryption B. breaking codes C. brute-force attack D. cryptanalysis
answer
...
question
The most scrutinized cipher in history is the ________. A. Data Encryption Standard (DES) B. keyword mixed alphabet cipher C. transposition cipher D. Vigenère cipher
answer
...
question
________ is a one-way calculation of information that yields a result usually much smaller than the original message. A. Caesar cipher B. Checksum C. Hash D. Symmetric key
answer
...
question
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A. A. Caesar cipher B. Vigenère cipher C. transposition cipher D. product cipher
answer
...
question
_______________ enables you to prevent a party from denying a previous statement or action. A. Authentication B. Integrity C. Nonrepudiation D. Confidentiality
answer
...
question
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information. A. Ownership B. Timestamping C. Revocation D. Message authentication
answer
...
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network? A. Presentation Layer B. Session Layer C. Network Layer D. Application Layer
answer
...
question
Which OSI Reference Model layer is responsible for the coding of data? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
answer
...
question
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
answer
...
question
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network? A. Presentation Layer B. Session Layer C. Data Link Layer D. Transport Layer
answer
...
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address. A. Data Link Layer B. Presentation Layer C. Transport Layer D. Session Layer
answer
...
question
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium? A. Data Link Layer B. Transport Layer C. Session Layer D. Physical Layer
answer
...
question
Which of the following is the definition of hub? A. A device that connects two or more networks and selectively interchanges packets of data between them. B. A network device that connects network segments, echoing all received traffic to all other ports. C. A firewall device that examines the state of a connection as well as simple address, port, and protocol rules to determine how to process a packet. D. A suite of protocols designed to connect sites securely using IP networks.
answer
...
question
________ is a suite of protocols designed to connect sites securely using IP networks. A. Dynamic Host Configuration Protocol (DHCP) B. Network access control (NAC) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Protocol Security (IPSec)
answer
...
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job. A. Internet Protocol Security (IPSec) B. Dynamic Host Configuration Protocol (DHCP) C. Point-to-Point Tunneling Protocol (PPTP) D. Internet Control Message Protocol (ICMP)
answer
...
question
Network ________ is gathering information about a network for use in a future attack. A. reconnaissance B. eavesdropping C. denial of service D. surveying
answer
...
question
What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules? A. baseline B. waterfall model C. agile development D. sprint
answer
C
question
What is meant by authorizing official (AO)? A. An individual to enact changes in response to reported problems. B. The process of managing changes to computer/device configuration or application software. C. A senior manager who reviews a certification report and makes the decision to approve the system for implementation. D. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
answer
C
question
What term is used to describe a benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products? A. configuration control B. functional policy C. baseline D. authorizing official (AO)
answer
C
question
What is meant by certification? A. The formal acceptance by the authorizing official of the risk of implementing the system. B. A strategy to minimize risk by rotating employees between various systems or duties. C. The technical evaluation of a system to provide assurance that you have implemented the system correctly. D. A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
answer
C
question
What or who is the individual or team responsible for performing the security test and evaluation for the system and for preparing the report for the AO on the risk of operating the system? A. remediation B. certifier C. compliance liaison D. system owners
answer
D
question
________ is the process of managing changes to computer/device configuration or application software. A. Sprint B. Procedure control C. Change control D. Proactive change management
answer
C
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation. A. Procedure management B. Emergency operations policy C. Clean desk/clear screen policy D. Security administration policy
answer
C
question
The process of managing the baseline settings of a system device is called ________. A. guideline B. baseline C. configuration control D. sprint
answer
C
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________. A. emergency operations group B. security event team C. guideline control D. security administration
answer
A
question
Which of the following is the definition of guideline? A. A method of developing software that is based on small project iterations, or sprints, instead of long project schedules. B. Recorded information from system events that describes security-related activity. C. A recommendation to purchase or how to use a product or system. D. A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
answer
C
question
Which of the following is the definition of anomaly-based IDS? A. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity. B. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running. C. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders. D. Using tools to determine the layout and services running on an organization's systems and networks.
answer
B
question
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________. A. controls B. management C. standards D. plan
answer
C
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today. A. configuration B. controls C. monitoring D. settings
answer
B
question
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the ________ review cycle. A. audit B. security C. benchmark D. monitoring
answer
...
question
It's essential to match your organization's required __________ with its security structure. A. monitoring B. permission level C. operating system D. recommendations
answer
B
question
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures. A. applications B. mitigation activities C. configurations D. recommendations
answer
C
question
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization. A. Penetration testing B. Real-time monitoring C. An audit D. Vulnerability testing
answer
C
question
Audits are necessary because of ________. A. potential liability B. negligence C. mandatory regulatory compliance D. all of the above
answer
D
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies. A. Real-time monitoring B. Gray-box testing C. SAS 70 D. White-box testing
answer
...
question
The ___________ framework defines the scope and contents of three levels of audit reports. A. Service Organization Control (SOC) B. permission-level C. real-time monitoring D. zone transfer
answer
A
question
How your organization responds to risk reflects the value it puts on its ___________. A. environment B. assets C. technology D. vulnerability
answer
B
question
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost. A. risk B. control C. event D. response
answer
A
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________. A. critical business function B. disaster plan C. business continuity plan D. risk management plan
answer
C
question
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization. A. Backup B. Incident C. Risk D. Preventive control
answer
C
question
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls. A. threat B. impact C. risk D. vulnerability
answer
D
question
A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ...
answer
black-box testing
question
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
answer
true
question
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
true
question
As your organization evolves and as threats mature, it is important to make sure your ... still meet(s) the risks you face today.
answer
controls
question
What is necessary because of potential liability, negligence, and mandatory regulatory compliance?
answer
Audits
question
If knowing about an audit changes user behavior, an audit will
answer
not be accurate
question
It's essential to match your organization's required ... with its security structure.
answer
permission level
question
The --- framework defines the scope and content of three levels of audit reports.
answer
Service Organization Control (SOC)
question
The following are all methods of collecting data: questionnaires, interviews, observation, and checklists.
answer
true
question
The primary difference between SOC 2 and SOC 3 reports is their ...
answer
audience
question
What is security testing that is based on limited knowledge of an application's design?
answer
gray-box testing
question
A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
answer
operating system fingerprinting
question
What is the process of using tools to determine the layout and services running on an organization's systems and networks?
answer
network mapping
question
What is the technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets?
answer
stateful matching
question
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
answer
anomaly-based IDS?
question
Incorrectly identifying abnormal activity as normal
answer
false negative
question
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
answer
hardened configuration
question
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
answer
pattern-based IDS
question
Security testing that is based on knowledge of the application's design and source code.
answer
white box testing
question
________ provides information on what is happening as it happens.
answer
Real-time monitoring
question
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
answer
risk avoidance
question
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
answer
administrative control
question
A control that is carried out or managed by a computer system is the definition of ________.
answer
technical control
question
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.
answer
risk
question
A measure installed to counter or address a specific threat is the definition of ________.
answer
countermeasure
question
A threat source can be a situation or a method that might accidentally trigger a
answer
vulnerability
question
A --- is an intent and method to exploit a vulnerability
answer
threat source
question
Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.
answer
hot site
question
An organization seeks a balance between an acceptable level of a risk and the cost of reducing it.
answer
true
question
An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
answer
risk acceptance
question
Forensics and incident response are examples of ___________ controls.
answer
corrective
question
How your organization responds to risk reflects the value it puts on its ___________.
answer
assets
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
answer
business continuity plan
question
Residual risk is the risk that remains after you have installed countermeasures and controls.
answer
true
question
The goal of risk management is to eliminate risk.
answer
false
question
The term detective control refers to a control that determines that a threat has landed in your system.
answer
true
question
________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.
answer
risk assignment
question
________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls.
answer
risk assessment
question
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.
answer
risk mitigation
question
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
answer
risk
question
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
answer
Vigenere cipher
question
A process that creates the first secure communications session between a client and a server is the definition of ________.
answer
SSL handshake
question
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information.
answer
Timestamping
question
In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
answer
Chosen-plaintext attack
question
In a ---, the cryptanalyst possesses certain pieces of information before and after encryption.
answer
Known plaintext attack
question
In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
answer
false
question
Symmetric key cryptography is a type of cryptography that cannot secure correspondence until after the two parties exchange keys.
answer
true
question
The number of possible keys to a cipher is a
answer
keyspace
question
The term certificate authority refers to a trusted repository of all public keys.
answer
false
question
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
answer
check-sum
question
The process of issuing keys to valid users of a cryptosystem so they can communicate.
answer
key distribution
question
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
answer
Data encryption standard
question
What name is given to an encryption cipher that rearranges characters or bits of data?
answer
transposition cipher
question
What name is given to an encryption cipher that uniquely maps any letter to any other letter?
answer
simple substitution cipher
question
What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity
answer
digital signature
question
What name is given to random characters that you can combine with an actual input key to create the encryption key?
answer
salt key
question
Which of the following is the definition of Vigenère cipher?
answer
An encryption cipher that uses multiple encryption schemes in succession.
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
answer
brute-force attack
question
_______________ enables you to prevent a party from denying a previous statement or action.
answer
non-repudiation
question
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
answer
blowfish
question
A _____________ contains rules that define the types of traffic that can come and go through a network.
answer
firewall
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control
question
A stateful inspection firewall compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall.
answer
false
question
Border firewalls simply separate the protected network from the internet.
answer
true
question
Internet Control Message Protocol is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
answer
false
question
One of the OSI Reference Model layers, the Network Layer, is responsible for the logical implementation of the network.
answer
true
question
One of the OSI Reference Model layers, the Transport Layer, is responsible for maintaining communication sessions between computers.
answer
false
question
Telephony denial of service (TDoS) is a variation of a denial of service (DoS) attack, but is launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.
answer
true
question
The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
answer
true
question
What name is given to a protocol to implement a VPN connection between two computers?
answer
Point-to-Point Tunneling Protocol
question
What term is used to describe the current encryption standard for wireless networks?
answer
Wi-Fi Protected Access
question
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
answer
Session Layer
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
answer
Application Layer
question
Which OSI Reference Model layer is responsible for the coding of data?
answer
Presentation layer
question
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
answer
Physical Layer
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
answer
Data Link Layer
question
Which of the following is the definition of network address translation?
answer
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
question
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
answer
packet-filtering firewall
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
answer
DHCP
question
________ is a suite of protocols designed to connect sites securely using IP networks.
answer
Internet Protocol Security (IPSec)
question
A ________ enables the virus to take control and execute before the computer can load most protective measures.
answer
System infector
question
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
answer
file infector
question
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
answer
phishing attack
question
Anomaly detection involves developing a network baseline profile of normal or acceptable activity, such as services or traffic patterns, and then measuring actual network traffic against this baseline.
answer
true
question
Defense in depth combines the capabilities of people, operations, and security technologies to establish multiple layers of protection, eliminating single lines of defense and effectively raising the cost of an attack.
answer
true
question
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
answer
SYN Flood attack
question
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
answer
availability
question
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________.
answer
integrity
question
The primary characteristic of a virus is that it replicates and generally involves user action of some type.
answer
true
question
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
answer
worm
question
Unlike viruses, worms do not require a host program in order to survive and replicate.
answer
true
question
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
answer
trojan
question
A type of virus that infects other files and spreads in multiple ways.
answer
What is meant by multipartite virus
question
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
answer
stealth virus
question
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
answer
polymorphic virus
question
Whether software or hardware-based, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.
answer
keystroke logger
question
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
answer
a botnet
question
A program that executes a malicious function of some kind when it detects certain conditions.
answer
logic bomb
question
________ attack countermeasures such as antivirus signature files or integrity databases.
answer
retro virus
question
_____________ are the main source of distributed denial of service (DDoS) attacks and spam.
answer
botnets
question
ISO 17799 is an international security standard.
answer
true
question
In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
answer
true
question
The ANSI produces standards that affect nearly all aspects of IT.
answer
true
question
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
false
question
The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards.
answer
true
question
The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
American National Standards Institute
question
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
answer
W3C
question
The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
International Telecommunication Union (ITU)
question
The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
answer
International Electrotechnical Commission
question
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
answer
true
question
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
answer
ISO
question
What do the letters of the C - I - A triad stand for?
answer
confidentiality, integrity, availability
question
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
answer
NIST
question
A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
ANSI
question
A standards organization that develops and promotes Internet standards.
answer
Internet Engineering Task Force
question
________ is a document produced by the IETF that contains standards as well as other specifications or descriptive contents.
answer
A request for comments (RFC)
question
The Internet Architecture Board (IAB) is a subcommittee of the IETF composed of independent researchers and professionals who have a technical interest in the overall well-being of the Internet.
answer
true
question
A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor.
answer
true
question
A professional certification states that you have taken the course and completed the tasks and assignments.
answer
false
question
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
answer
continuing education
question
Certifications that require additional education generally specify the number of credits each certificate requires.
answer
true
question
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration.
answer
false
question
Most certifications require certification holders to pursue additional education each year to keep their certifications current.
answer
True
question
Most educational institutions offer accelerated programs to complete PhD degree requirements in less than one year.
answer
False
question
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
answer
NSA
question
The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the NIST guidelines.
answer
true
question
The current term for online study is distance learning.
answer
true
question
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
answer
professional development
question
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
answer
true
question
The most difficult and slowest option for IT security training is studying materials yourself.
answer
false
question
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
answer
continuing education
question
The standard bachelor's designation is a four-year diploma program.
answer
false
question
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
answer
Certificate of completion
question
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
answer
Centers of Academic Excellence (CAE)
question
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
answer
true
question
Which of the following is the definition of continuing professional education (CPE)?
answer
A standard unit of credit that equals 50 minutes of instruction.
question
________ refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
answer
accredited
question
An information security safeguard is also called an information security control.
answer
true
question
GLBA distinguishes between customers and consumers for its notice requirements. A customer is any person who gets a consumer financial product or service from a financial institution.
answer
false
question
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
answer
Personally identifiable information
question
Information regulated under the Gramm-Leach-Bliley Act (GLBA) is ________.
answer
consumer financial information
question
Information regulated under the Sarbanes-Oxley Act (SOX) is ________.
answer
corporate financial information
question
Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.
answer
true
question
One of the most important parts of a FISMA information security program is that agencies test and evaluate it.
answer
true
question
SOX does not apply to publicly traded companies.
answer
false
question
Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
answer
nonpublic personal information (NPI)
question
Students who have had their FERPA rights violated are allowed to sue a school for that violation.
answer
False
question
The FTC Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. It also must describe the controls used to protect that data.
answer
true
question
The Family Educational Rights and Privacy Act (FERPA) is the main federal law protecting the privacy of student information.
answer
true
question
The ________ is a regulation requiring that covered entities disclose only the amount of protected health information absolutely necessary to carry out a particular function.
answer
minimum necessary rule
question
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
answer
U.S. Department of Education
question
The regulating agency for the Gramm-Leach-Bliley Act is the ________.
answer
Federal Trade Commission (FTC)
question
The regulating agency for the Sarbanes-Oxley Act is the ________.
answer
Securities and Exchange Commission
question
Under CIPA, a technology protection measure is any technology that can block or filter the objectionable content.
answer
true
question
What name is given to patient health information that is computerbased?
answer
electronic protected health information
question
Which regulating agency has oversight for the Children's Internet Protection Act (CIPA)?
answer
FCC
question
____________ is a person's right to control the use and disclosure of his or her own personal information.
answer
privacy
question
A method of security testing that is not based directly on knowledge of a program's architecture is the definition of ________.
answer
black-box testing
question
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
answer
true
question
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
true
question
As your organization evolves and as threats mature, it is important to make sure your ________ still meet the risks you face today.
answer
controls
question
What is necessary because of potential liability, negligence, and mandatory regulatory compliance?
answer
Audits
question
If knowing about an audit changes user behavior, the audit will ________.
answer
not be accurate
question
It is essential to match your organization's required ________ with its security structure.
answer
permission level
question
The ________ framework defines the scope and content of three levels of audit reports.
answer
Service Organization Control (SOC)
question
The following are all methods of collecting data: questionnaires, interviews, observation, and checklists.
answer
true
question
The primary difference between SOC 2 and SOC 3 reports is their ________.
answer
audience
question
What is security testing that is based on limited knowledge of an application's design?
answer
gray-box testing
question
What name is given to a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
answer
operating system fingerprinting
question
What is the process of using tools to determine the layout and services running on an organization's systems and networks?
answer
network mapping
question
What is the technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets?
answer
stateful matching
question
Incorrectly identifying abnormal activity as normal
answer
false negative
question
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
answer
hardened configuration
question
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
answer
pattern-based IDS
question
Security testing that is based on knowledge of the application's design and source code.
answer
white-box testing
question
________ provides information on what is happening as it happens.
answer
Real-time monitoring
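The pattern-matching, stateful-matching, anomaly-detection and false-negative cards above describe detection logic that is easier to see run than to memorize. The following is an added example, not part of the study set: the connection records, the two signatures, the port-scan threshold and the baseline profile are all constructed for illustration, and the detector code is this example's own rather than any product's.

```python
"""Pattern-based vs anomaly-based detection over constructed sample events.

Added example, not from the original study set. The events, signatures,
threshold and baseline below are constructed for illustration.
"""
import re
from collections import Counter

# Constructed connection-log records: (src, dst, dst_port, tcp_flags, payload)
EVENTS = [
    ("10.0.0.5", "192.168.1.10", 80, "PA", "GET /index.html HTTP/1.1"),
    ("10.0.0.5", "192.168.1.10", 80, "PA", "GET /login?user=admin'-- HTTP/1.1"),
    ("10.0.0.9", "192.168.1.10", 22, "S", ""),
    ("10.0.0.9", "192.168.1.10", 23, "S", ""),
    ("10.0.0.9", "192.168.1.10", 25, "S", ""),
    ("10.0.0.9", "192.168.1.10", 80, "S", ""),
    ("10.0.0.9", "192.168.1.10", 443, "S", ""),
    ("10.0.0.7", "192.168.1.10", 80, "PA", "GET /admin/../../etc/passwd HTTP/1.1"),
    # URL-encoded variant of the SQL-comment payload: the signature below misses it
    ("10.0.0.8", "192.168.1.10", 80, "PA", "GET /login?user=admin%27-- HTTP/1.1"),
]

# Constructed ground truth for the events above (indices of the malicious ones)
KNOWN_MALICIOUS = {1, 2, 3, 4, 5, 6, 7, 8}

# Pattern matching: each signature is applied to a single event's payload.
SIGNATURES = {
    "sqli-comment": re.compile(r"'\s*--"),
    "path-traversal": re.compile(r"\.\./"),
}


def pattern_match(events):
    """Return (event_index, signature_name) for every payload that matches."""
    hits = []
    for i, (_, _, _, _, payload) in enumerate(events):
        for name, rx in SIGNATURES.items():
            if rx.search(payload):
                hits.append((i, name))
    return hits


def stateful_match(events, threshold=5):
    """Stateful matching judges an event by its relationship to other packets:
    one SYN is unremarkable, but one source sending SYNs to `threshold` or
    more distinct ports is a port scan."""
    ports_by_src = {}
    for src, _, port, flags, _ in events:
        if flags == "S":
            ports_by_src.setdefault(src, set()).add(port)
    return sorted(src for src, ports in ports_by_src.items() if len(ports) >= threshold)


# Anomaly detection: compare current activity with a stored profile of normal.
BASELINE = {"requests_per_src": 3}  # constructed profile: a normal peer sends <= 3


def anomaly_detect(events, baseline=BASELINE):
    """Sources whose event count exceeds the baseline profile."""
    counts = Counter(src for src, *_ in events)
    return sorted(src for src, n in counts.items() if n > baseline["requests_per_src"])


def detect_all(events):
    """Union of what the three detectors flag, as event indices."""
    flagged = {i for i, _ in pattern_match(events)}
    scanners = set(stateful_match(events))
    anomalous = set(anomaly_detect(events))
    for i, (src, _, _, flags, _) in enumerate(events):
        if (src in scanners and flags == "S") or src in anomalous:
            flagged.add(i)
    return flagged


def false_negatives(events, known_malicious):
    """Malicious events no detector flagged: abnormal activity treated as normal."""
    return sorted(set(known_malicious) - detect_all(events))


if __name__ == "__main__":
    print("signature hits:", pattern_match(EVENTS))
    print("port scanners:", stateful_match(EVENTS))
    print("anomalous sources:", anomaly_detect(EVENTS))
    print("false negatives:", false_negatives(EVENTS, KNOWN_MALICIOUS))
```

Event 8 is the point of the exercise: its payload is the same injection with the quote URL-encoded, so the literal signature does not fire, and because it is a single request from a quiet source the baseline check does not fire either. A signature engine only finds what it has a pattern for, which is why encoded and obfuscated variants are the usual source of false negatives.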
question
A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________.
answer
risk avoidance
question
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
answer
administrative control
question
A control that is carried out or managed by a computer system is the definition of ________.
answer
technical control
question
A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost.
answer
risk
question
A measure installed to counter or address a specific threat is the definition of ________.
answer
countermeasure
question
A threat source can be a situation or a method that might accidentally trigger a ________.
answer
vulnerability
question
A ________ is an intent and method to exploit a vulnerability.
answer
threat source
question
Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data.
answer
hot site
question
An organization seeks a balance between an acceptable level of a risk and the cost of reducing it.
answer
true
question
An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________.
answer
risk acceptance
question
Forensics and incident response are examples of ___________ controls.
answer
corrective
question
How your organization responds to risk reflects the value it puts on its ___________.
answer
assets
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
answer
business continuity plan (BCP)
question
Residual risk is the risk that remains after you have installed countermeasures and controls.
answer
true
question
The goal of risk management is to eliminate risk.
answer
false
question
The term detective control refers to a control that determines that a threat has landed in your system.
answer
true
question
________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk.
answer
risk assignment
question
________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of choice of controls.
answer
risk assessment
question
________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical.
answer
risk mitigation
question
___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization.
answer
risk
question
A ________ is one of the simplest substitution ciphers. It shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A.
answer
Caesar cipher
question
A process that creates the first secure communications session between a client and a server is the definition of ________.
answer
SSL handshake
question
Certain security objectives add value to information systems. _________ provides an exact time when a producer creates or sends information.
answer
Timestamping
question
In a ________, the cryptanalyst can encrypt any information and observe the output. This is best for the cryptanalyst.
answer
Chosen-plaintext attack
question
In a ________, the cryptanalyst possesses certain pieces of information both before and after encryption.
answer
Known-plaintext attack
question
In an asymmetric key system, where everyone shares the same secret, compromising one copy of the key compromises all copies.
answer
false
question
Symmetric key cryptography is a type of cryptography that cannot secure correspondence until after the two parties exchange keys.
answer
true
question
The number of possible keys to a cipher is its ________.
answer
keyspace
question
The term certificate authority refers to a trusted repository of all public keys.
answer
false
question
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
answer
hash
question
The process of issuing keys to valid users of a cryptosystem so they can communicate.
answer
key distribution
question
What name is given to an encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation?
answer
Data Encryption Standard (DES)
question
What name is given to an encryption cipher that rearranges characters or bits of data?
answer
transposition cipher
question
What name is given to an encryption cipher that uniquely maps any letter to any other letter?
answer
simple substitution cipher
question
What name is given to an object that uses asymmetric encryption to bind a message or data to a specific entity
answer
digital signature
question
What name is given to random characters that you can combine with an actual input key to create the encryption key?
answer
salt
question
Which of the following is the definition of Vigenère cipher?
answer
An encryption cipher that uses multiple encryption schemes in succession.
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
answer
brute-force attack
question
_______________ enables you to prevent a party from denying a previous statement or action.
answer
non-repudiation
question
_______________ is another symmetric algorithm that organizations currently use. It is a 64-bit block cipher that has a variable key length from 32 to 448 bits. It is much faster than DES or IDEA and is a strong algorithm that has been included in more than 150 products, as well as v2.5.47 of the Linux kernel. Its author, Bruce Schneier, placed it in the public domain.
answer
Blowfish
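The shift-cipher, keyspace, Vigenère and brute-force cards above fit together in a few lines of code. The following is an added example, not part of the study set: a Caesar shift, a Vigenère cipher built as successive Caesar shifts selected by a key word (the "multiple schemes in succession" the set describes), and a brute-force search over the 26-key keyspace. The plaintext, key word and the small common-word list used to score candidate decryptions are constructed for illustration.

```python
"""Caesar shift, Vigenere as successive shifts, keyspace and brute force.

Added example, not from the original study set. The plaintext, key word
and the word list used to score candidates are constructed for illustration.
"""
import string

ALPHABET = string.ascii_uppercase
KEYSPACE = len(ALPHABET)  # 26 possible shifts (shift 0 is the identity)


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions; Z wraps back to A.
    A negative shift decrypts. Non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % KEYSPACE])
        else:
            out.append(ch)
    return "".join(out)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenere: apply a different Caesar shift to each letter in turn,
    cycling through the key word. Each key letter selects one shift, so the
    cipher is several shift ciphers used in succession."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            s = shifts[i % len(shifts)]
            out.append(caesar(ch, -s if decrypt else s))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


# Constructed scoring aid: a tiny list of words a plausible plaintext contains.
COMMON_WORDS = {"THE", "AND", "ATTACK", "AT", "DAWN", "IS", "TO", "OF"}


def looks_like_english(text: str) -> int:
    """Crude scorer: how many common words a candidate plaintext contains."""
    return sum(1 for w in text.split() if w in COMMON_WORDS)


def brute_force_caesar(ciphertext: str):
    """Try every key in the keyspace and return (shift, plaintext) with the
    best score. Only 26 trials are needed, which is why a shift cipher gives
    no real confidentiality against an attacker who has the ciphertext."""
    best = max(range(KEYSPACE),
               key=lambda s: looks_like_english(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)


if __name__ == "__main__":
    ct = caesar("ATTACK AT DAWN", 19)
    print("ciphertext:", ct)
    print("recovered:", brute_force_caesar(ct))
    print("vigenere:", vigenere("ATTACK AT DAWN", "LEMON"))
```

The brute-force routine is the attack the set defines: no knowledge of the key, just the ciphertext, the decryption cipher and a trial of every possible key. A key word makes Vigenère's effective keyspace 26 to the power of the key length, but a known-plaintext or frequency analysis still breaks it; keyspace alone is not what makes a cipher strong.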
question
A _____________ contains rules that define the types of traffic that can come and go through a network.
answer
firewall
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control
question
A stateful inspection firewall compares received traffic with a set of rules that define which traffic it will permit to pass through the firewall.
answer
false
question
Border firewalls simply separate the protected network from the Internet.
answer
true
question
Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
answer
false
question
One of the OSI Reference Model layers, the Network Layer, is responsible for the logical implementation of the network.
answer
true
question
One of the OSI Reference Model layers, the Transport Layer, is responsible for maintaining communication sessions between computers.
answer
false
question
Telephony denial of service (TDoS) is a variation of a denial of service (DoS) attack, but is launched against traditional and packet-based telephone systems. A TDoS attack disrupts an organization's use of its telephone system through a variety of methods.
answer
true
question
The traceroute command displays the path that a particular packet follows so you can identify the source of potential network problems.
answer
true
question
What name is given to a protocol to implement a VPN connection between two computers?
answer
Point-to-Point Tunneling Protocol (PPTP)
question
What term is used to describe the current encryption standard for wireless networks?
answer
Wi-Fi Protected Access (WPA)
question
Which OSI Reference Model layer creates, maintains, and disconnects communications that take place between processes over the network?
answer
Session Layer
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
answer
Application Layer
question
Which OSI Reference Model layer is responsible for the coding of data?
answer
Presentation layer
question
Which OSI Reference Model layer must translate the binary ones and zeros of computer language into the language of the transport medium?
answer
Physical Layer
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
answer
Data Link Layer
question
Which of the following is the definition of network address translation?
answer
A method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
question
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator.
answer
packet-filtering firewall
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
answer
DHCP
question
________ is a suite of protocols designed to connect sites securely using IP networks.
answer
Internet Protocol Security (IPSec)
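The packet-filtering firewall card and the stateful inspection true/false card above can be contrasted directly in code. The following is an added example, not part of the study set: the addresses, ports and rule set are constructed, and the rule layout (action, source network, destination network, destination port) is this example's own convention, not any vendor's syntax.

```python
"""Packet filtering vs stateful inspection on constructed packets.

Added example, not from the original study set. Addresses, ports, the
rule format and the rule set are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int
    flags: str  # "S" = SYN (new connection), "A" = ACK (reply / established)


# Rule: (action, source network, destination network, destination port or None).
# First match wins; anything unmatched falls through to a default deny.
RULES = [
    ("allow", "0.0.0.0/0", "192.168.1.10/32", 443),  # anyone -> web server HTTPS
    ("allow", "192.168.1.0/24", "0.0.0.0/0", None),  # inside -> anywhere
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),        # explicit default deny
]


def packet_filter(pkt: Packet, rules=RULES) -> str:
    """Packet filtering: compare each packet, on its own, to the rule list."""
    for action, src_net, dst_net, dport in rules:
        if (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)
                and (dport is None or pkt.dport == dport)):
            return action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: the rule list decides which new connections may
    start, and a table of those connections decides which reply traffic may
    come back. A bare packet filter has no such table, so it must either
    block replies or open a hole wide enough to let any ACK packet in."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.sessions = set()  # (client_ip, client_port, server_ip, server_port)

    def inspect(self, pkt: Packet) -> str:
        if pkt.flags == "S":  # connection attempt: consult the rule list
            verdict = packet_filter(pkt, self.rules)
            if verdict == "allow":
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        # reply or established traffic: allowed only if the reverse tuple is known
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow"
        return "deny"


if __name__ == "__main__":
    fw = StatefulFirewall()
    outbound = Packet("192.168.1.20", "198.51.100.7", 443, 51000, "S")
    reply = Packet("198.51.100.7", "192.168.1.20", 51000, 443, "A")
    print("stateless:", packet_filter(outbound), packet_filter(reply))
    print("stateful:", fw.inspect(outbound), fw.inspect(reply))
```

The reply packet is the difference between the two cards: the stateless filter has no rule that admits traffic from the Internet to an inside workstation, so the legitimate reply is dropped, while the stateful firewall admits it because it remembers the outbound connection it already approved, and still drops a forged ACK to a port that never opened a session.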
question
A ________ enables the virus to take control and execute before the computer can load most protective measures.
answer
system infector
question
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
answer
file infector
question
A ____________ tricks users into providing logon information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
answer
phishing attack
question
Anomaly detection involves developing a network baseline profile of normal or acceptable activity, such as services or traffic patterns, and then measuring actual network traffic against this baseline.
answer
true
question
Defense in depth combines the capabilities of people, operations, and security technologies to establish multiple layers of protection, eliminating single lines of defense and effectively raising the cost of an attack.
answer
true
question
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
answer
SYN Flood attack
question
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
answer
availability
question
Malicious code attacks all three information security properties.Malware can modify database records either immediately or over a period of time. This property is ________.
answer
integrity
question
The primary characteristic of a virus is that it replicates and generally involves user action of some type.
answer
true
question
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
answer
worm
question
Unlike viruses, worms do not require a host program in order to survive and replicate.
answer
true
question
Unrecognized new processes running, startup messages indicating that new software has been (or is being) installed (registry updating), unresponsiveness of applications to normal commands, and unusual redirection of normal Web requests to unknown sites are all telltale symptoms of a ________.
answer
trojan
question
A type of virus that infects other files and spreads in multiple ways.
answer
What is meant by multiparite virus
question
What name is given to a type of virus that uses a number of techniques to conceal itself from the user or detection software?
answer
stealth virus
question
What term is used to describe a type of virus that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus?
answer
polymorphic virus
question
Whether software or hardwarebased, a ____________ captures keystrokes, or user entries, and then forwards that information to the attacker.
answer
keystroke logger
question
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
answer
a botnet
question
A program that executes a malicious function of some kind when it detects certain conditions.
answer
logic bomb
question
________ attack countermeasures such as antivirus signature files or integrity databases.
answer
retro virus
question
_____________ are the main source of distributed denial of service (DDoS) attacks and spam.
answer
botnets
question
ISO 17799 is an international security standard.
answer
true
question
Ininformation technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
answer
true
question
The ANSI produces standards that affect nearly all aspects of IT.
answer
true
question
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
false
question
The Payment Card Industry Data Security Standard (PCI DSS) is an international standard for handling transactions involving payment cards.
answer
true
question
The ________ is aU.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
American National Standards Institute
question
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
answer
W3C
question
The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
Internation Telecommunication Union
question
The _____________ is the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
answer
International Electrotechnical Commission
question
The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
answer
true
question
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
answer
ISO
question
What do the letters of the C - I - A triad stand for?
answer
confidential , integrety, availabilty
question
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
answer
NIST
question
A U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
ANSI
question
A standards organization that develops and promotes Internet standards.
answer
Internet Engineering Task Force
question
________ is a document produced by the IETF thatcontains standards as well as other specifications or descriptive contents.
answer
A request for comments (RFC)
question
The Internet Architecture Board (IAB) is a subcommittee of the IETF composed of independent researchers and professionals who have a technical interest the overall well-being of the Internet.
answer
true
question
A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor.
answer
true
question
A professional certification states that you have taken the course and completed the tasks and assignments.
answer
false
question
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
answer
continuing education
question
Certifications that require additional education generally specity the number of credits each certificate requires
answer
true
question
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration.
answer
false
question
Most certifications require certification holders to pursue additional education each year to keep their certifications current.
answer
True
question
Most educational institutions offer accelerated programs to complete PhD degree requirements in less than one year.
answer
False
question
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
answer
NSA
question
The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the NIST guidelines.
answer
true
question
The current term for online study is distance learning
answer
true
question
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
answer
profesisonal development
question
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
answer
true
question
The most difficult and slowest option for IT security training is studying materials yourself.
answer
false
question
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
answer
continueing education
question
The standard bachelor's designation is a four-year diploma program.
answer
false
question
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
answer
Certificate of completion
question
What name is given to educational institueitons that meet specifif federal information assurance educational guidelines
answer
continuing education centers
question
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
answer
true
question
Which of the following is the definition of continuing professional education (CPE)?
answer
A standard unit of credit that equals 50 minutes of instruction.
question
________refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
answer
accredited
question
An information security safeguard is also called in informaiton security control
answer
true
question
GLBA distinguishes between customers and consumers for its notice requirements. A customer is any person who gets a consumer financial product or service from a financial institution.
answer
false
question
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
answer
Personally identifiable information
question
Information regulated under the GRamm Leach Bliey Act is
answer
consumer financial information
question
Information regulated under the sarbanes oxley act is
answer
corporate financial information
question
Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise.
answer
true
question
One of the most important parts of a FISMA information security program is that agencies test and evaluate it.
answer
true
question
SOX doesn't apply to publicly traded companies
answer
false
question
Social Security numbers, financial account numbers, credit card numbers, and date of birthare examples of __________ as stipulated under GLBA.
answer
NPI
question
Students who have had their FERPA rights violated are allowed to sue a school for that violation.
answer
False
question
The FTC Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. It also must describe the controls used to protect that data.
answer
true
question
The Family Educational Rights and Privacy Act (FERPA) is the main federal law protecting the privacy of student information.
answer
true
question
The ________ is a regulation that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.
answer
minimum necessary rule
question
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
answer
U.S. Department of Education
question
The regulating agency for the Gramm-Leach-Bliley Act is the
answer
FTC
question
The regulating agency for the Sarbanes-Oxley Act is the ________.
answer
Securities and Exchange Commission
question
Under CIPA, a technology protection measure is any technology that can block or filter the objectionable content.
answer
true
question
What name is given to patient health information that is computer-based?
answer
electronic protected health information
question
Which regulating agency has oversight for the Children's Internet Protection Act?
answer
FCC
question
____________ is a person's right to control the use and disclosure of his or her own personal information.
answer
privacy
question
Which of the following is the definition of anomaly-based IDS?
answer
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
answer
controls
question
Which of the following is the definition of false negative?
answer
Incorrectly identifying abnormal activity as normal.
question
It's essential to match your organization's required __________ with its security structure.
answer
permission level
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
answer
SAS 70
question
SOC 2 and SOC 3 reports both address primarily ________-related controls.
answer
security
question
If knowing about an audit changes user behavior, an audit will ____________.
answer
not be accurate
question
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
answer
An audit
question
A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________.
answer
administrative control
question
________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk.
answer
Quantitative risk analysis
question
An attacker or event that might exploit a vulnerability is a(n) ____________.
answer
threat source
question
A threat source can be a situation or method that might accidentally trigger a(n) ____________.
answer
vulnerability
question
How your organization responds to risk reflects the value it puts on its ___________.
answer
assets
question
________ represents the percentage of the asset value that will be lost if an incident were to occur.
answer
Exposure factor (EF)
question
It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________.
answer
business continuity plan
question
A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls.
answer
vulnerability
question
_______________ enables you to prevent a party from denying a previous statement or action.
answer
Nonrepudiation
question
Cryptography accomplishes four security goals: confidentiality, integrity, authentication, and ________________.
answer
nonrepudiation
question
What term is used to describe a type of cryptography that uses a cipher with two separate keys, one for encryption and one for decryption, so that correspondents do not first have to exchange secret information to communicate securely?
answer
asymmetric key cryptography
question
There are four basic forms of a cryptographic attack. In a ________, the cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data might be.
answer
Ciphertext-only attack (COA)
question
In a ________, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
answer
Chosen-ciphertext attack
question
What is meant by checksum?
answer
The output of a one-way algorithm; a mathematically derived numerical representation of some input.
question
Without any knowledge of the key, an attacker with access to an encrypted message and the decryption cipher could try every possible key to decode the message. This is referred to as ________.
answer
brute-force attack
question
________ is the act of unscrambling ciphertext into plaintext.
answer
Decryption
question
________ is a one-way calculation of information that yields a result usually much smaller than the original message.
answer
Checksum
question
________ allows the computer to get its configuration information from the network instead of the network administrator providing the configuration information to the computer. It provides a computer with an IP address, subnet mask, and other essential communication information, simplifying the network administrator's job.
answer
Dynamic Host Configuration Protocol (DHCP)
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control (NAC)
question
Which OSI Reference Model layer includes all programs on a computer that interact with the network?
answer
Application Layer
question
Which OSI Reference Model layer uses Media Access Control (MAC) addresses? Device manufacturers assign each hardware device a unique MAC address.
answer
Data Link Layer
question
Which OSI Reference Model layer is responsible for transmitting information on computers connected to the same local area network (LAN)?
answer
Data Link Layer
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control (NAC)
question
Which of the following is the definition of hub?
answer
A network device that connects network segments, echoing all received traffic to all other ports.
question
Which of the following is the definition of botnet?
answer
A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
question
Malicious code attacks all three information security properties. Malware can modify database records either immediately or over a period of time. This property is ________.
answer
integrity
question
Malware developers often use _____________ to write boot record infectors.
answer
assembly language
question
________ attack countermeasures such as antivirus signature files or integrity databases.
answer
Retro viruses
question
Unexplained increases in bandwidth consumption, high volumes of inbound and outbound e-mail during normal activity periods, a sudden increase in e-mail server storage utilization (this may trigger alarm thresholds set to monitor and manage disk/user partition space), and an unexplained decrease in available disk space are all telltale symptoms of a ________.
answer
worm
question
________ are viruses that target computer hardware and software startup functions.
answer
System infectors
question
A ________ enables the virus to take control and execute before the computer can load most protective measures.
answer
system infector
question
A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.
answer
logic bomb
question
____________ is the practice of hiding data and keeping it away from unauthorized users.
answer
Cryptography
question
___________ is the process of transforming data from cleartext into ciphertext.
answer
Encryption
question
Software vendors must protect themselves from the liabilities of their own vulnerabilities with a(n) ____________.
answer
End-User License Agreement (EULA)
question
A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.
answer
disaster recovery plan (DRP)
question
SIP is a ___________ protocol used to support real-time communications.
answer
signaling
question
A ___________ gives priorities to the functions an organization needs to keep going.
answer
business continuity plan (BCP)
question
___________ is the duty of every government that wants to ensure its national security.
answer
Cybersecurity
question
The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.
answer
security
question
Connecting your computers or devices to the ________ immediately exposes them to attack.
answer
Internet
question
Today, people working in cyberspace must deal with new and constantly evolving ________.
answer
threats
question
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
answer
voice
question
During the late 1980s into the early 1990s, service providers converted the core switches at their central offices from ______________ to digital central office (CO) switches.
answer
analog
question
The ________ in analog communications is one error for every 1,000 bits sent; in digital communications, the __________ is one error for every 1,000,000 bits sent.
answer
bit error rate
question
Voice and unified communications are ________ applications that use 64-byte IP packets.
answer
Session Initiation Protocol (SIP)
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
E-commerce systems and applications demand strict C-I-A ________.
answer
security controls
question
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
answer
asymmetric digital subscriber line (ADSL)
question
Audio conferencing is a software-based, real-time audio conference solution for ________ callers.
answer
VoIP
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
asynchronous transfer mode (ATM)
question
Confidentiality
answer
Only authorized users can view information.
question
Integrity
answer
Only authorized users can change information.
question
Availability
answer
Information is accessible to authorized users any time they request that information.
question
Information Security Procedure
answer
Protect, Detect, and React (Only a problem for integrity)
question
Information Security
answer
Collection of activities that protect information systems and the data stored in it.
question
Threat Model
answer
1. Asset 2. Vulnerability 3. Threat 4. Risk
question
Asset
answer
Something that needs to be protected.
question
Vulnerability
answer
A weakness in the system that can be exploited to cause harm.
question
Threat
answer
Something or someone that can cause harm.
question
Risk
answer
The probability of damage to an asset. (Risk = Vulnerability * Threat)
question
What assets do we need to protect?
answer
1. IT infrastructure 2. Intellectual property 3. Financial information 4. Service availability and productivity 5. Reputation
question
Policy
answer
Written formal statements that outline the rules (do's/don'ts) to secure a system.
question
Procedure
answer
Mechanisms that implement the policy (One for each policy).
question
Industry Data Classifications
answer
1. Private Data 2. Confidential Data 3. Internal Data 4. Public Data
question
U.S. Dept. of Defense Data Classifications
answer
1. Top Secret 2. Secret 3. Confidential 4. Unclassified
question
Cryptography
answer
The practice of hiding the data and keeping it away from unauthorized users.
question
Encryption
answer
The process of transforming data from clear-text into ciphertext.
question
Black-hat Hacker
answer
An individual who tries to break IT security and gain access to systems without authorization.
question
White-hat Hacker
answer
An authorized professional who identifies vulnerabilities and performs penetration testing.
question
Grey-hat Hacker
answer
An intermediate-skilled hacker who could become a black-hat hacker or white-hat hacker.
question
Security Breach
answer
Any event that results in a violation of any of the C-I-A security tenets.
question
Denial of Service (DoS) Attack
answer
A coordinated attempt to deny service by causing a computer to perform an unproductive task.
question
Distributed Denial of Service (DDoS) Attack
answer
Attackers hijack Internet computers and plant automated attack agents on them so that each computer bombards a site with forged messages.
question
SYN Flood
answer
The attacker sends a large number of packets requesting connections to the victim computer, filling up its connection table and denying service to legitimate users.
question
Wire Tapping: Passive
answer
An unauthorized user listening to communication without changing the data.
question
Wire Tapping: Active ~ Between-The-Lines
answer
An unauthorized user who does not alter the original messages but inserts additional messages between the lines.
question
Wire Tapping: Active ~ Piggyback-Entry
answer
Actual communication is changed and routed through a different server.
question
Protocol Analyzer
answer
A software program that enables a computer to monitor and capture network traffic.
question
Port Scanner
answer
A tool that scans IP host devices for open ports that are enabled.
question
OS Fingerprint Scanner
answer
A software program that allows an attacker to send logon packets to an IP host device.
question
Vulnerability Scanner
answer
A software program that identifies and detects what operating system and software is installed on an IP host device.
question
Exploit Software
answer
An application that incorporates known software vulnerabilities to "exploit" a weakness of an IP host device or computer system.
question
Password Cracker
answer
The process of recovering a password that can be performed by a brute-force attack or dictionary attack.
question
Keystroke Logger
answer
Hardware or software that can record every keystroke a user makes on a keyboard into a log file.
question
Backdoor
answer
A direct and easy access to a system.
question
Downtime -> Unintentional ->
answer
1. Human Error 2. System Failure 3. Attack (DoS)
question
If VoIP traffic needs to traverse through a WAN with congestion, you need
answer
quality of service (QoS)
question
T/F The up-to-date Common Vulnerabilities and Exposures list is maintained and managed by the U.S. Department of Finance.
answer
False
question
T/F The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is =SLE × ARO.
answer
False
question
What is meant by multi-tenancy?
answer
A database feature that allows different groups of users to access the database without being able to access each other's data.
question
Which of the following is the definition of system owner?
answer
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question
A security awareness program includes
answer
All of the above: teaching employees about security objectives; motivating users to comply with security policies; informing users about trends and threats in society
question
T/F System owners are in control of data classification.
answer
False
question
Voice and unified communications are ________ applications that use 64-byte IP packets.
answer
real-time
question
T/F A way to protect your organization from personnel-related security violations is to use job rotation. This minimizes risk by rotating employees among various systems or duties, which prevents collusion.
answer
True
question
What term is used to describe communication that doesn't happen in real time but rather consists of messages (voice or e-mail) that are stored on a server and downloaded to endpoint devices?
answer
store-and-forward communications
question
What is meant by promiscuous mode?
answer
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
question
The act of transforming clear text data into undecipherable cipher text is the definition of __________.
answer
encryption
question
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
answer
Security gap
question
The recovery point objective (RPO) identifies the amount of _________ that is acceptable.
answer
data loss
question
T/F The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
answer
True
question
T/F Until the mid-1980s, personal and business communications involved three primary tools: telephone, answering machines and voicemail, and the Internet.
answer
False
question
SIP is a ___________ protocol used to support real-time communications.
answer
signaling
question
A ________ is a collection of computers connected to one another or to a common connection medium.
answer
local area network (LAN)
question
T/F A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
answer
True
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
T/F Authority-level policy is a database feature that allows different groups of users to access the database without being able to access each other's data.
answer
False
question
Which of the following adequately defines continuous authentication?
answer
An authentication method in which a user is authenticated at multiple times or event intervals.
question
What is meant by call control?
answer
The software in a phone system that performs the call switching from an inbound trunk to a phone extension.
question
What is meant by digital subscriber line (DSL)?
answer
A high-speed digital broadband service that uses copper cabling for Internet access.
question
What is the Project Management Body of Knowledge (PMBOK)?
answer
A collection of the knowledge and best practices of the project management profession.
question
T/F The network security group is responsible for the Internet-to-WAN Domain.
answer
False
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
dense wavelength division multiplexing (DWDM)
question
What is meant by risk register?
answer
A list of identified risks that results from the risk-identification process.
question
A method of restricting resource access to specific periods of time is called ________.
answer
temporal isolation
question
________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
answer
Brute-force password attack
question
T/F A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences.
answer
True
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
Clean desk/clear screen policy
question
T/F Many jurisdictions require audits by law.
answer
True
question
T/F The difference between black-hat hackers and white-hat hackers is that black-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, and white-hat hackers want to find weaknesses just for the fun of it or to exploit them.
answer
False
question
What is meant by rootkit?
answer
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
question
T/F An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
True
question
T/F Having too many risks in the risk register is much better than overlooking any severe risk that does occur.
answer
True
question
The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.
answer
network interface card (NIC)
question
Which of the following is the definition of business drivers?
answer
The collection of components, including people, information, and conditions, that support business objectives.
question
What is a Security Information and Event Management (SIEM) system?
answer
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
question
T/F An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing.
answer
True
question
The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.
answer
quantitative risk analysis
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
answer
training
question
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
answer
voice
question
T/F Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization's network.
answer
False
question
E-commerce changed how businesses sell, and the ________ changed how they market.
answer
Internet
question
The ___________ framework defines the scope and contents of three levels of audit reports.
answer
Service Organization Control (SOC)
question
T/F Voice and data traffic should be segmented on different backbone links to optimize performance, segment voice, and data traffic on separate GigE or 10GigE fiber-optic trunks.
answer
True
question
T/F The International Information Systems Security Certification Consortium (ISC)2, has two certifications: Systems Security Certified Practitioner (SSCP®) and Certified Information Systems Security Professional (CISSP®). CISSP candidates must pass a difficult and comprehensive exam and have at least 5 years of professional information security experience.
answer
True
question
________ is an authorization method in which access to resources is decided by the user's formal status.
answer
Authority-level policy
question
T/F Resources are protected objects in a computing system, such as files, computers, or printers.
answer
True
question
An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
answer
smart card
question
T/F The weakest link in the security of an IT infrastructure is the server.
answer
False
question
You can use quantitative risk analysis for all risks on the risk register;however, the amount of effort required may be overkill for _____________ risks.
answer
low probability low impact
question
T/F The audit itself sets new policies.
answer
False
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
The ____________ represents the fourth layer of defense for a typical IT infrastructure.
answer
LAN-to-WAN Domain
question
Which of the following defines network mapping?
answer
Using tools to determine the layout and services running on an organization's systems and networks.
question
Malicious software can be hidden in a ________.
answer
All of the above: a URL link, a PDF file, or a ZIP file
question
________ is the process of managing changes to computer/device configuration or application software.
answer
Change control
question
This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.
answer
USB token
question
T/F The process of managing the baseline settings of a system device is the definition of configuration control.
answer
True
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
answer
controls
question
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place?
answer
Federal Information Security Management Act (FISMA)
question
A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
answer
Layer 3 switch
question
Which of the following is the definition of net cat?
answer
A network utility program that reads from and writes to network connections.
question
The total number of errors divided by the total number of bits transmitted is the definition of __________.
answer
bit error rate
question
The ________ in analog communications is one error for every 1,000 bits sent.
answer
bit error rate
question
In digital communications, the __________ is one error for every 1,000,000 bits sent.
answer
bit error rate
question
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
answer
asymmetric digital subscriber line (ADSL)
question
What fills security gaps and software weaknesses?
answer
Testing and quality assurance
question
T/F A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.
answer
True
question
T/F Even though 3G networks provided mobile devices with connection capabilities similar to those of wired networks, they still did not use true IP network addressing.
answer
True
question
T/F A time-based synchronization system is a mechanism that limits access to computer systems and network resources.
answer
False
question
T/F Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE= Resource Value × EF.
answer
True
question
Which of the following is the definition of pattern-based IDS?
answer
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
answer
SAS 70
question
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
answer
frame relay
question
When you accept a __________, you take no further steps to resolve.
answer
negative risk
question
Which of the following is the definition of cipher text?
answer
The opposite of clear text. Data sent as cipher text is not visible and not decipherable.
question
T/F In 2011, the United States ranked second globally as a source of network attacks and highest as a source of attacks in North America, even if they originate outside the United States.
answer
True
question
T/F Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software.
answer
True
question
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
answer
configurations
question
T/F Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
answer
False
question
________ is an authentication credential that is generally longer and more complex than a password.
answer
Passphrase
question
T/F Role-based access control (RBAC) means limiting users' access to database views, as opposed to allowing users to access data in database tables directly.
answer
False
question
A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.
answer
DRP
question
T/F An organization can choose to plan for any interruption time frame, but in many BIAs, restoration plans assume that access to primary resources will not be possible for at least 60 days.
answer
False
question
Audio conferencing is a software-based, real-time audio conference solution for ________ callers.
answer
VoIP
question
The primary difference between SOC 2 and SOC 3 reports is ________.
answer
Their audience
question
T/F Initiating changes to avoid expected problems is the definition of proactive change management.
answer
True
question
Which of the following is an accurate description of cloud computing?
answer
The practice of using computing services that are delivered over a network.
question
T/F Synchronous token means a device used as a logon authenticator for remote users of a network.
answer
True
question
_____________ is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
answer
separation of duties
question
T/F The term security kernel database describes a database made up of rules that determine individual users' access rights.
answer
True
question
In a ________, the attacker sends a large number of packets requesting connections to the victim computer.
answer
SYN flood
question
The process of managing risks starts by identifying __________.
answer
risks
question
During the late 1980s into the early 1990s, service providers converted the core switches at their central offices from ______________ to digital central office (CO) switches.
answer
analog
question
T/F Mandatory access control (MAC) is a means of restricting access to an object based on the object's classification and the user's security clearance.
answer
True
question
The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and ________ Web site.
answer
Secure Sockets Layer virtual private network (SSL-VPN)
question
A(n) ___________ fingerprint scanner is a software program that allows an attacker to send logon packets to an IP host device.
answer
operating system (OS)
question
A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.
answer
business continuity plan (BCP)
question
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
answer
operating system fingerprinting
question
T/F SOC 3 reports are intended for public consumption.
answer
True
question
Which of the following is the definition of access control?
answer
The process of protecting a resource so that it is used only by those allowed to use it; a particular method used to restrict or allow access to resources.
question
What is meant by certification?
answer
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
question
The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.
answer
data classification standard
question
T/F The term clipping level refers to a value used in security monitoring that tells controls to ignore activity that falls below a stated value.
answer
True
question
A ___________ is a tool used to scan IP host devices for open ports that have been enabled.
answer
port scanner
question
__________ tests interrupt the primary data center and transfer processing capability to an alternate site.
answer
Full-interruption
question
T/F War dialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
answer
False
question
An encrypted channel used for remote access to a server or system, commonly used in Linux and UNIX servers and applications, is the definition of __________.
answer
secure shell (SSH)
question
T/F A physically constrained user interface is a user interface that does not provide a physical means of entering unauthorized information.
answer
True
question
The cryptanalyst can encrypt any information and observe the output.
answer
Chosen-plaintext attack
question
_____ is a special case. It is relevant in asymmetric key systems and has functions.
answer
Chosen-ciphertext attack
question
In a _____, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
answer
Chosen-ciphertext attack
question
The cryptanalyst has access only to a segment of encrypted data, and has no choice as to what that data may be.
answer
Ciphertext-only attack (COA)
question
The cryptanalyst processes certain pieces of information before and after encryption.
answer
Known-plaintext attack (KPA)
question
A firewall that examines each packet it receives and compares the packet to a list of rules configured by the network administrator is the definition of ________.
answer
packet-filtering firewall
question
A method to restrict access to a network based on identity or other rules is the definition of ________.
answer
network access control (NAC)
question
A ___________ controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.
answer
firewall
question
A _____________ contains rules that define the types of traffic that can come and go through a network.
answer
firewall
question
Network ________ is gathering information about a network for use in a future attack.
answer
reconnaissance
question
What name is given to a protocol to implement a VPN connection between two computers?
answer
Point-to-Point Tunneling Protocol (PPTP)
question
What term is used to describe a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address?
answer
Network address translation (NAT)
question
What term is used to describe the current encryption standard for wireless networks?
answer
Wi-Fi Protected Access (WPA)
question
Which of the following is the definition of hub?
answer
A network device that connects network segments, echoing all received traffic to all other ports.
question
A ________ enables the virus to take control and execute before the computer can load most protective measures.
answer
system infector
question
A ________ is a type of virus that primarily infects executable programs.
answer
file infector
question
A ________ is a virus that attacks and modifies executable programs (like COM, EXE, SYS, and DLL files).
answer
file infector
question
A ___________ is a program that executes a malicious function of some kind when it detects certain conditions.
answer
logic bomb
question
A ____________ tricks users into providing log-on information on what appears to be a legitimate Web site but is in fact a Web site set up by an attacker to obtain this information.
answer
phishing attack
question
Another way that malicious code can threaten businesses is by using mass bulk e-mail (spam), spyware, persistence cookies, and the like, consuming computing resources and reducing user productivity. These are known as ________.
answer
attacks against productivity and performance
question
As of 2013, Cisco estimated that there were more than ________ devices connected to the Internet.
answer
7 billion
question
In a _________, attackers direct forged Internet Control Message Protocol (ICMP) echo-request packets to IP broadcast addresses from remote locations to generate denial of service attacks.
answer
smurf attack
question
In a __________, the attacker uses IP spoofing to send a large number of packets requesting connections to the victim computer. These appear to be legitimate but in fact reference a client system that is unable to respond.
answer
SYN flood attack
question
Malicious code attacks all three information security properties. Malware can erase or overwrite files or inflict considerable damage to storage media. This property is ________.
answer
availability
question
The ________ provides oversight for architecture for Internet protocols and procedures, processes used to create standards, editorial and publication procedures for RFCs, and confirmation of IETF chair and technical area directors. It also provides much of the high-level management and validation of the processes of conducting IETF business.
answer
IAB
question
T/F The ANSI produces standards that affect nearly all aspects of IT.
answer
True
question
The ____________ is a network of centers around the United States that offers technical and business assistance to small- and medium-sized manufacturers.
answer
Hollings Manufacturing Extension Partnership
question
T/F The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
answer
False
question
T/F The Gauss is a measurement of a magnetic field.
answer
True
question
T/F In information technology, perhaps the best-known ISO standard is the Open Systems Interconnection (OSI) Reference Model. This internationally accepted framework of standards governs how separate computer systems communicate using networks.
answer
True
question
The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
answer
American National Standards Institute (ANSI)
question
T/F The best-known standard that relates to information security is the IEEE 802 LAN/MAN standard family.
answer
True
question
Unlike other organizations that specifically focus on engineering or technical aspects of computing and communication, the __________ primarily addresses standards that support software development and computer system operation.
answer
ANSI
question
The ________ is an organization formed in 1994 to develop and publish standards for the World Wide Web.
answer
World Wide Web Consortium (W3C)
question
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________.
answer
procrastination
question
Which of the following is the definition of continuing professional education (CPE)?
answer
A standard unit of credit that equals 50 minutes of instruction.
question
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
answer
NSA
question
T/F Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security.
answer
True
question
The standard bachelor's degree is a __________ program.
answer
four-year
question
T/F The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas.
answer
True
question
A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree.
answer
two
question
With university doctoral programs, completing the degree requirements takes ________.
answer
no standard time frame
question
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
answer
National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)
question
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
answer
professional development
question
T/F Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance.
answer
True
question
The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.
answer
Certified Authorization Professional
question
(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security.
answer
Systems Security Certified Practitioner
question
(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.
answer
Certified Secure Software Lifecycle Professional
question
The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.
answer
CISSP-ISSMP®
question
The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems.
answer
CISSP-ISSEP®
question
Which is Cisco's highest level of certification?
answer
Architect
question
T/F The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.
answer
True
question
CompTIA's Security+ certification provides ________.
answer
entry-level information security certification of choice for IT professionals
question
T/F The Info tech Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure.
answer
True
question
If VoIP traffic needs to traverse a WAN with congestion, you need ________.
answer
quality of service (QoS)
question
T/F The up-to-date Common Vulnerabilities and Exposures (CVE) list is maintained and managed by the U.S. Department of Finance.
answer
False
question
T/F The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is SLE × ARO.
answer
False
question
What is meant by multi-tenancy?
answer
A database feature that allows different groups of users to access the database without being able to access each other's data.
question
Which of the following is the definition of system owner?
answer
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question
A security awareness program includes
answer
All of the above: teaching employees about security objectives; motivating users to comply with security policies; informing users about trends and threats in society
question
T/F System owners are in control of data classification.
answer
False
question
Voice and unified communications are ________ applications that use 64-byte IP packets.
answer
real-time
question
T/F A way to protect your organization from personnel-related security violations is to use job rotation. This minimizes risk by rotating employees among various systems or duties, which prevents collusion.
answer
True
question
What term is used to describe communication that doesn't happen in real time but rather consists of messages (voice or e-mail) that are stored on a server and downloaded to endpoint devices?
answer
store-and-forward communications
question
What is meant by promiscuous mode?
answer
The mode in which sniffers operate; it is nonintrusive and does not generate network traffic. This means that every data packet is captured and can be seen by the sniffer.
question
The act of transforming clear text data into undecipherable cipher text is the definition of __________.
answer
encryption
question
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
answer
Security gap
question
The recovery point objective (RPO) identifies the amount of _________ that is acceptable.
answer
data loss
question
T/F The term Bring Your Own Device (BYOD) refers to an organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings and other benefits but also presents security risks.
answer
True
question
T/F Until the mid-1980s, personal and business communications involved three primary tools: telephone, answering machines and voicemail, and the Internet.
answer
False
question
SIP is a ___________ protocol used to support real-time communications.
answer
signaling
question
A ________ is a collection of computers connected to one another or to a common connection medium.
answer
local area network (LAN)
question
T/F A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
answer
True
question
________ is the basis for unified communications and is the protocol used by real-time applications such as IM chat, conferencing, and collaboration.
answer
Session Initiation Protocol (SIP)
question
T/F Authority-level policy is a database feature that allows different groups of users to access the database without being able to access each other's data.
answer
False
question
Which of the following adequately defines continuous authentication?
answer
An authentication method in which a user is authenticated at multiple times or event intervals.
question
What is meant by call control?
answer
The software in a phone system that performs the call switching from an inbound trunk to a phone extension.
question
What is meant by digital subscriber line (DSL)?
answer
A high-speed digital broadband service that uses copper cabling for Internet access.
question
What is the Project Management Body of Knowledge (PMBOK)?
answer
A collection of the knowledge and best practices of the project management profession.
question
T/F The network security group is responsible for the Internet-to-WAN Domain.
answer
False
question
What name is given to a high-speed broadband networking technology that uses a 53-byte cell to support real-time voice, video, or data communications?
answer
dense wavelength division multiplexing (DWDM)
question
What is meant by risk register?
answer
A list of identified risks that results from the risk-identification process.
question
A method of restricting resource access to specific periods of time is called ________.
answer
temporal isolation
question
________ is a method that black-hat hackers use to attempt to compromise logon and password access controls, usually following a specific attack plan, including the use of social engineering to obtain user information.
answer
Brute-force password attack
question
T/F A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences.
answer
True
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
Clean desk/clear screen policy
question
T/F Many jurisdictions require audits by law.
answer
True
question
T/F The difference between black-hat hackers and white-hat hackers is that black-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, and white-hat hackers want to find weaknesses just for the fun of it or to exploit them.
answer
False
question
What is meant by rootkit?
answer
A type of malware that modifies or replaces one or more existing programs to hide the fact that a computer has been compromised.
question
T/F An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
answer
True
question
T/F Having too many risks in the risk register is much better than overlooking any severe risk that does occur.
answer
True
question
The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.
answer
network interface card (NIC)
question
Which of the following is the definition of business drivers?
answer
The collection of components, including people, information, and conditions, that support business objectives.
question
What is a Security Information and Event Management (SIEM) system?
answer
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
question
T/F An attacker will use exploit software when performing vulnerability assessments and intrusive penetration testing.
answer
True
question
The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.
answer
quantitative risk analysis
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
answer
training
question
As users upgrade LANs to GigE or 10GigE, switches must support ________ and data IP traffic.
answer
voice
question
T/F Successfully connecting to a computer using a modem makes it impossible to access the rest of the organization's network.
answer
False
question
E-commerce changed how businesses sell, and the ________ changed how they market.
answer
Internet
question
The ___________ framework defines the scope and contents of three levels of audit reports.
answer
Service Organization Control (SOC)
question
T/F Voice and data traffic should be segmented on different backbone links to optimize performance; segment voice and data traffic on separate GigE or 10GigE fiber-optic trunks.
answer
True
question
T/F The International Information Systems Security Certification Consortium (ISC)2 has two certifications: Systems Security Certified Practitioner (SSCP®) and Certified Information Systems Security Professional (CISSP®). CISSP candidates must pass a difficult and comprehensive exam and have at least 5 years of professional information security experience.
answer
True
question
________ is an authorization method in which access to resources is decided by the user's formal status.
answer
Authority-level policy
question
T/F Resources are protected objects in a computing system, such as files, computers, or printers.
answer
True
question
An organization's facilities manager might give you a security card programmed with your employee ID number, also known as a ________.
answer
smart card
question
T/F The weakest link in the security of an IT infrastructure is the server.
answer
False
question
You can use quantitative risk analysis for all risks on the risk register; however, the amount of effort required may be overkill for _____________ risks.
answer
low-probability, low-impact
question
T/F The audit itself sets new policies.
answer
False
question
What is meant by application convergence?
answer
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
question
The ____________ represents the fourth layer of defense for a typical IT infrastructure.
answer
LAN-to-WAN Domain
question
Which of the following defines network mapping?
answer
Using tools to determine the layout and services running on an organization's systems and networks.
question
Malicious software can be hidden in a ________.
answer
URL link; PDF file; ZIP file; all of the above
question
________ is the process of managing changes to computer/device configuration or application software.
answer
Change control
question
This device uses public key infrastructure (PKI) technology—for example, a certificate signed by a trusted certification authority—and doesn't provide one-time passwords.
answer
USB token
question
T/F The process of managing the baseline settings of a system device is the definition of configuration control.
answer
True
question
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
answer
controls
question
What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place?
answer
Federal Information Security Management Act (FISMA)
question
A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.
answer
Layer 3 switch
question
Which of the following is the definition of netcat?
answer
A network utility program that reads from and writes to network connections.
question
____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.
answer
Recovery time objective (RTO)
question
The total number of errors divided by the total number of bits transmitted is the definition of __________.
answer
bit error rate
question
The ________ in analog communications is one error for every 1,000 bits sent.
answer
bit error rate
question
In digital communications, the __________ is one error for every 1,000,000 bits sent.
answer
bit error rate
question
A common DSL service is ________, where the bandwidth is different for downstream and upstream traffic.
answer
asymmetric digital subscriber line (ADSL)
question
What fills security gaps and software weaknesses?
answer
Testing and quality assurance
question
For all the technical solutions you can devise to secure your systems, the __________ remains your greatest challenge.
answer
human element
question
RTO identifies the maximum allowable ________ to recover the function.
answer
time
question
T/F Even though 3G networks provided mobile devices with connection capabilities similar to those of wired networks, they still did not use true IP network addressing.
answer
True
question
T/F A time-based synchronization system is a mechanism that limits access to computer systems and network resources.
answer
False
question
T/F Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE= Resource Value × EF.
answer
True
question
Which of the following is the definition of pattern-based IDS?
answer
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
question
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
answer
SAS 70
question
What term is used to describe a packet-based WAN service capable of supporting one-to-many and many-to-many WAN connections?
answer
frame relay
question
When you accept a __________, you take no further steps to resolve it.
answer
negative risk
question
Which of the following is the definition of cipher text?
answer
The opposite of clear text. Data sent as cipher text is not visible and not decipherable.
question
T/F In 2011, the United States ranked second globally as a source of network attacks and highest as a source of attacks in North America, even if they originate outside the United States.
answer
True
question
T/F Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software.
answer
True
question
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
answer
configurations
question
T/F Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
answer
False
question
________ is an authentication credential that is generally longer and more complex than a password.
answer
Passphrase
question
T/F Role-based access control (RBAC) means limiting users' access to database views, as opposed to allowing users to access data in database tables directly.
answer
False
question
A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.
answer
DRP