IS 4470 Exam 1 – Flashcards
question
The three common core goals of security are
answer
CIA : confidentiality, integrity, and availability
question
Another name for safeguard is
answer
countermeasure
question
If an attacker breaks into a corporate database and deletes critical files, this is an attack against the ________ security goal.
answer
integrity and confidentiality
question
When a threat succeeds in causing harm to a business, this is a(n)
answer
breach
question
T/F: Most countermeasure controls are detective controls
answer
false
question
Which of the following are types of countermeasures?
answer
Corrective, detective, preventative
question
Which of the following can be a type of spyware?
answer
A cookie and a keystroke logger
question
T/F: The terms "intellectual property" and "trade secret" are synonymous
answer
False
question
________ are programs that attach themselves to legitimate programs.
answer
Viruses and worms
question
The fastest propagation occurs with some types of
answer
worms
question
T/F: The definition of hacking is "intentionally accessing a computer resource without authorization or in excess of authorization."
answer
true
question
T/F: Confidentiality means that attackers cannot change or destroy information.
answer
False
question
T/F: You have access to your home page on a server. By accident, you discover that if you hit a certain key, you can get into someone else's files. You spend just a few minutes looking around. This is hacking.
answer
True
question
T/F: Detective countermeasures identify when a threat is attacking and especially when it is succeeding.
answer
True
question
Which of the following is a type of countermeasure?
answer
detective and corrective
question
________ is the destruction of hardware, software, or data.
answer
Sabotage
question
T/F: The threat environment consists of the types of attackers and attacks that companies face.
answer
True
question
You receive an e-mail that seems to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website that seems to be your customer's website. However, the website is fake. This is ________.
answer
spear phishing
question
A(n) ________ attack attempts to make a server or network unavailable to serve legitimate users by flooding it with attack packets.
answer
DoS (Denial of Service)
question
ICMP Echo messages are often used in
answer
IP address scanning
question
T/F: The primary purpose for attackers to send port scanning probes to hosts is to identify which ports are open.
answer
False, later changed to True
question
Which of the following are ways in which trade secret espionage occurs?
answer
bribing an employee, theft through interception
question
T/F: Money mules transfer stolen money for criminals and take a small percentage for themselves.
answer
True
question
Cyberwar consists of computer-based attacks conducted by
answer
national governments
question
Countries would engage in cyberwar
answer
both before and after a physical attack
question
The first step in developing an IT security plan is to
answer
assess the current state of the company's security
question
The key to security being an enabler is
answer
getting it involved early within the project
question
T/F: It is a good idea to view the security function as a police force or military organization.
answer
False
question
T/F: To outsource some security functions, a firm can use an MISP
answer
False
question
T/F: Placing IT auditing in an existing auditing department would give independence from IT security.
answer
True
question
T/F: Vulnerability testing typically is not outsourced.
answer
False
question
The worst problem with classic risk analysis is that
answer
we cannot estimate the annualized rate of occurrence
question
T/F: Policies should specify implementation in detail.
answer
False
question
SLE times APO gives the
answer
expected annual loss
question
T/F: In benefits, costs and benefits are expressed on a per-year basis.
answer
True
question
It is acceptable for an employee to reveal
answer
NONE of these: Private info, trade secrets, confidential info
question
________ are mandatory
answer
standards
question
________ audits are done by an organization on itself
answer
Internal
question
CobiT focuses on ________
answer
corporate governance
question
Policies drive ________.
answer
Both implementation and oversight
question
T/F: IT security people should maintain a negative view of users.
answer
False
question
Which of the following is a formal process?
answer
Annual corporate planning
question
In manual procedures, the segregation of duties ________
answer
reduces risk
question
Which CobiT domain has the most control objectives?
answer
Delivery and support
question
T/F: Security metrics allow a company to know if it is improving in its implementation of policies.
answer
True
question
A governance framework specifies how to do ________
answer
implementation, oversight, and planning
question
T/F: Security tends to impede functionality.
answer
True
question
The FTC can ________.
answer
Both impose fines and require annual audits by external auditing firms for many years
question
T/F: Informing employees that monitoring will be done is a bad idea.
answer
False
question
A DES key is ________ bits long
answer
56
question
To meet national export limitations in many countries, RC4 often uses a key length of ________ bits.
answer
40
question
T/F: DES uses block encryption.
answer
True
question
T/F: The hash size in MD-5 is 160 bits.
answer
False
question
T/F: Using new and proprietary encryption ciphers is a good idea because cryptanalysts will not know them.
answer
False
question
Proving your identity to a communication partner is ________.
answer
authentication
question
T/F: In cryptographic systems, keying takes place during the second handshaking stage.
answer
False
question
3DES is ________.
answer
very slow, strong enough for communication in corporations, expensive in terms of processing cost
question
Hashing is ________.
answer
repeatable
question
To be strong, ________ keys need to be longer than ________ keys.
answer
public and symmetric keys of about the same length have about equal strength
question
Strong RSA keys are at least ________ bits long.
answer
1,024
question
Public key encryption is ________.
answer
complex, slow, expensive
question
When Joshua sends a message to Larry, Joshua will use ________ to encrypt the message.
answer
Larry's public key
question
T/F: In public key encryption for authentication, the receiver decrypts with the public key of the sender.
answer
False
question
HMACs provide the cryptographic protection of ________.
answer
authentication
question
Digital signatures provide ________.
answer
message authentication and message integrity
question
T/F: Most message-by-message authentication methods provide message integrity as a by-product.
answer
True
question
Replay attacks can be thwarted by using ________.
answer
time stamps, sequence numbers, nonces
question
In public key encryption, "signing" is the act of ________.
answer
encrypting the message digest with its own private key
question
In checking the digital signature, the verifier ________.
answer
hashes the plaintext message with the same algorithm used by the sender to get the message digest
question
Nonces can be used in ________.
answer
client/server applications
question
T/F: To test the digital signature, the verifier will use the sender's public key.
answer
False
question
Quantum key cracking ________.
answer
creates a major threat to many traditional cryptographic methods
question
IPsec tunnel mode ________.
answer
is firewall-friendly
question
Which types of VPNs use VPN gateways?
answer
remote access VPNs
question
T/F: When your mobile phone is on a network, it is a host.
answer
True
question
T/F: In this book, when internet is spelled with a capital I, it means the global Internet.
answer
True
question
A device attached to a network is called a ________.
answer
host
question
Which organization creates Internet standards?
answer
IETF
question
A computer connects to the nearest switch via a ________.
answer
Physical link
question
A residential access router usually contains ________.
answer
Both DHCP server and an Ethernet switch
question
T/F: Intercepting wireless LAN transmissions is difficult.
answer
False
question
If two hosts are separated by seven networks, how many packets will there be along the way when a host transmits a packet to another host?
answer
1
question
Most firms actually use the ________ architecture. (EITF, TCP/IP, OSI, or none)
answer
none of these
question
T/F: A route is the path a frame takes across a single network, from the source host to the destination host, across multiple switches.
answer
False
question
In internets, different networks are connected by ________. (routers, switches, both, or neither)
answer
routers
question
T/F: To do TCP session hijacking, the attacker has to be able to predict the sequence number of the TCP segment currently being sent.
answer
False
question
T/F: IP addresses are 32 octets long.
answer
False
question
________ uses options frequently. (TCP, IP, both, or neither)
answer
TCP
question
A TCP session opening ends with a(n) ________ message.
answer
ACK
question
T/F: IP options are used frequently.
answer
False
question
A Windows host sends a TCP segment with source port number 1200 and destination port number 25. The sending host is a(n) ________.
answer
Client
question
IPsec works with ________.
answer
Both IPv4 and IPv6
question
T/F: In DNS cache poisoning, an attacker replaces the IP address of a host name with another IP address.
answer
True
question
If a router receives a packet with a TTL value of 1, what will it do?
answer
drop the packet
question
A ________ server gives an original host the IP address of another host to which the original host wishes to send packets.
answer
DNS
question
ICMP ________.
answer
Both is used in ping transmissions and is used for error messages
question
Which of the following sends passwords in the clear?
answer
FTP
question
A ________ is likely to have the same address each time it goes on the Internet.
answer
server
question
T/F: UDP is a good protocol for applications that need reliability.
answer
False
question
Confidentiality
answer
means people cannot read sensitive info, either while on a computer or while it is traveling across a network
question
Integrity
answer
means attackers cannot change or destroy information
question
Availability
answer
means people who are authorized to access information are able to do so
question
PCI-DSS
answer
Payment Card Industry - Data Security Standard, rules for companies that accept credit card purchases