Exam November 2014, questions and answers PDF

Title Exam November 2014, questions and answers
Course Computer Programming II
Institution Brock University
Pages 37

Summary

Fall 2014 Exam ...


Description

Question 1 (1 out of 1 points)

____ of information is the quality or state of being genuine or original.

Selected Answer: 1. Authenticity

Question 2 (1 out of 1 points)

The first phase of risk management is ____.

Selected Answer: 3. risk identification

Question 3 (1 out of 1 points)

Complete loss of power for a moment is known as a ____.

Selected Answer: 2. fault

Question 4 (1 out of 1 points)

During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.

Selected Answer: 4. physical design

Question 5 (1 out of 1 points)

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?

Selected Answer: 1. Financial Services Modernization Act

Question 6 (1 out of 1 points)

____ attempts to prevent trade secrets from being illegally shared.

Selected Answer: 2. Economic Espionage Act

Question 7 (1 out of 1 points)

There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.

Selected Answer: 3. dumpster diving

Question 8 (1 out of 1 points)

The ____ security policy is a planning document that outlines the process of implementing security in the organization.

Selected Answer: 4. program

Question 9 (1 out of 1 points)

Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

Selected Answer: 3. appetite

Question 10 (1 out of 1 points)

In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factors.

Selected Answer: 1. weighted factor analysis

Question 11 (1 out of 1 points)

The military uses a ____-level classification scheme.

Selected Answer: 4. five

Question 12 (1 out of 1 points)

____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.

Selected Answer: 3. PKI

Question 13 (1 out of 1 points)

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____.

Selected Answer: 1. hoaxes

Question 14 (1 out of 1 points)

____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.

Selected Answer: 1. DR

Question 15 (1 out of 1 points)

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

Selected Answer: 3. accept control

Question 16 (0 out of 1 points)

____ law comprises a wide variety of laws that govern a nation or state.

Selected Answer: 4. Criminal

Question 17 (1 out of 1 points)

The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.

Selected Answer: 2. Security and Freedom through Encryption Act

Question 18 (1 out of 1 points)

____ are software programs that hide their true nature, and reveal their designed behavior only when activated.

Selected Answer: 3. Trojan horses

Question 19 (1 out of 1 points)

A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.

Selected Answer: 2. distributed denial-of-service

Question 20 (1 out of 1 points)

There are generally two skill levels among hackers: expert and ____.

Selected Answer: 1. novice

Question 21 (1 out of 1 points)

What is the subject of the Sarbanes-Oxley Act?

Selected Answer: 3. Financial Reporting

Question 22 (1 out of 1 points)

The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.

Selected Answer: 1. IR

Question 23 (1 out of 1 points)

____ is simply how often you expect a specific type of attack to occur.

Selected Answer: 4. ARO

Question 24 (1 out of 1 points)

The ____ data file contains the hashed representation of the user's password.

Selected Answer: 2. SAM

Question 25 (1 out of 1 points)

"4-1-9" fraud is an example of a ____ attack.

Selected Answer: 2. social engineering

Question 26 (1 out of 1 points)

A computer is the ____ of an attack when it is used to conduct the attack.

Selected Answer: 1. subject

Question 27 (1 out of 1 points)

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.

Selected Answer: 4. CBA

Question 28 (1 out of 1 points)

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____.

Selected Answer: 1. by accident

Question 29 (1 out of 1 points)

Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.

Selected Answer: 3. trespass

Question 30 (1 out of 1 points)

Which of the following is a valid type of data ownership?

Selected Answer: 1. All of the above

Question 31 (1 out of 1 points)

____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.

Selected Answer: 1. Physical

Question 32 (1 out of 1 points)

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?

Selected Answer: 3. Electronic Communications Privacy Act

Question 33 (1 out of 1 points)

Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?

Selected Answer: 3. Singapore

Question 34 (1 out of 1 points)

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.

Selected Answer: 4. to harass

Question 35 (1 out of 1 points)

The concept of competitive ____ refers to falling behind the competition.

Selected Answer: 1. disadvantage

Question 36 (1 out of 1 points)

The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.

Selected Answer: 2. transfer control

Question 37 (1 out of 1 points)

In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.

Selected Answer: 1. man-in-the-middle

Question 38 (1 out of 1 points)

What is the subject of the Computer Security Act?

Selected Answer: 2. Federal Agency Information Security

Question 39 (1 out of 1 points)

A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

Selected Answer: 4. FCO

Question 40 (1 out of 1 points)

The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.

Selected Answer: 3. Fraud

Question 41 (1 out of 1 points)

The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.

Selected Answer: 2. Health Insurance

Question 42 (1 out of 1 points)

Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____.

Selected Answer: 3. SLA

Question 43 (1 out of 1 points)

____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

Selected Answer: 1. Operational

Question 44 (1 out of 1 points)

When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.

Selected Answer: 1. standard of due care

Question 45 (1 out of 1 points)

____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.

Selected Answer: 3. Zombies

Question 46 (1 out of 1 points)

Many corporations use a ____ to help secure the confidentiality and integrity of information.

Selected Answer: 2. data classification scheme

Question 47 (1 out of 1 points)

Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?

Selected Answer: 3. Computer Fraud and Abuse Act

Question 48 (1 out of 1 points)

The ____ strategy attempts to prevent the exploitation of the vulnerability.

Selected Answer: 2. defend control

Question 49 (1 out of 1 points)

Which of the following functions does information security perform for an organization?

Selected Answer: 1. All of the above.

Question 50 (1 out of 1 points)

____ policies address the particular use of certain systems.

Selected Answer: 2. Systems-specific

Question 51 (1 out of 1 points)

The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.

Selected Answer: 4. TCP

Question 52 (1 out of 1 points)

Which of the following is an example of a Trojan horse program?

Selected Answer: 2. Happy99.exe

Question 53 (1 out of 1 points)

The ____ is a methodology for the design and implementation of an information system in an organization.

Selected Answer: 2. SDLC

Question 54 (1 out of 1 points)

____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.

Selected Answer: 4. Risk

Question 55 (1 out of 1 points)

The most successful kind of top-down approach involves a formal development strategy referred to as a ____.

Selected Answer: 2. systems development life cycle

Question 56 (1 out of 1 points)

____ defines stiffer penalties for prosecution of terrorist crimes.

Selected Answer: 3. USA Patriot Act

Question 57 (1 out of 1 points)

Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs.

Selected Answer: 2. Incident response

Question 58 (1 out of 1 points)

____ was the first operating system to integrate security into its core functions.

Selected Answer: 3. MULTICS

Question 59 (1 out of 1 points)

The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes.

Selected Answer: 2. marketing

Question 60 (1 out of 1 points)

____ is any technology that aids in gathering information about a person or organization without their knowledge.

Selected Answer: 2. Spyware

Question 61 (1 out of 1 points)

The National Information Infrastructure Protection Act of 1996 modified which Act?

Selected Answer: 2. Computer Fraud and Abuse Act

Question 62 (1 out of 1 points)

An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.

Selected Answer: 3. All of the above

Question 63 (1 out of 1 points)

____ addresses are sometimes called electronic serial numbers or hardware addresses.

Selected Answer: 1. MAC

Question 64 (1 out of 1 points)

People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.

Selected Answer: 1. system administrators

Question 65 (1 out of 1 points)

Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.

Selected Answer: 4. security

Question 66 (1 out of 1 points)

In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.

Selected Answer: 4. confidential

Question 67 (1 out of 1 points)

One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

Selected Answer: 3. hacktivist

Question 68 (1 out of 1 points)

Management of classified data includes its storage and ____.

Selected Answer: 2. All of the above

Question 69 (1 out of 1 points)

The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.

Selected Answer: 1. general

Question 70 (1 out of 1 points)

Laws and policies and their associated penalties only deter if which of the following conditions is present?

Selected Answer: 2. All of the above

Question 71 (1 out of 1 points)

Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash.

Selected Answer: 3. 256

Question 72 (1 out of 1 points)

According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.

Selected Answer: 4. cyberterrorism

Question 73 (1 out of 1 points)

____ is the predecessor to the Internet.

Selected Answer: 4. ARPANET

Question 74 (1 out of 1 points)

____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.

Selected Answer: 2. Public

Question 75 (1 out of 1 points)

In a ____ attack, the attacker sends a large number of connection or information requests to a target.

Selected Answer: 1. denial-of-service

Question 76 (1 out of 1 points)

____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.

Selected Answer: 3. NSTISSI No. 4011

Question 77 (1 out of 1 points)

The Council of Europe adopted the Convention on Cybercrime in ____.

Selected Answer: 3. 2001

Question 78 (1 out of 1 points)

The ____ model consists of six general phases.

Selected Answer: 4. waterfall

Question 79 (1 out of 1 points)

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

Selected Answer: 4. CISO

Question 80 (1 out of 1 points)

Criminal or unethical ____ goes to the state of mind of the individual performing the act.

Selected Answer: 4. intent

Question 81 (1 out of 1 points)

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.

Selected Answer: 2. hash

Question 82 (1 out of 1 points)

Which of the following phases is the longest and most expensive phase of the systems development life cycle?

Selected Answer: 4. maintenance and change

Question 83 (1 out of 1 points)

A(n) ____ attack is a hacker using a personal computer to break into a system.

Selected Answer: 4. direct

Question 84 (1 out of 1 points)

A famous study entitled "Protection Analysis: Final Report" was published in ____.

Selected Answer: 3. 1978

Question 85 (1 out of 1 points)

Risk ____ is the application of controls to reduce the risks to an organization's data and information systems.

Selected Answer: 1. control

Question 86 (1 out of 1 points)

Risk control is the application of controls to reduce the risks to an organization's data and information systems.

Selected Answer: 1. True

Question 87 (1 out of 1 points)

A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.

Selected Answer: 2. True

Question 88 (0 out of 1 points)

Once the organizational threats have been identified, an assets identification process is undertaken.

Selected Answer: 2. True

Question 89 (1 out of 1 points)

Due care requires that an organization make a valid effort to protect others and continually maintain this level of effort.

Selected Answer: 2. False

Question 90 (0 out of 1 points)

Eliminating a threat is an impossible proposition.

Selected Answer: 1. True

Question 91 (1 out of 1 points)

Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.

Selected Answer: 2. False

Question 92 (1 out of 1 points)

Network security focuses on the prote...

