Question 1 4 out of 4 points Correct To achieve balance that is, to operate an information system that satisfies the us er and

d the security professional the security level must allow reasonable access, yet protect against threats. Answer Selected Answer: True Correct Answer: True Question 2 4 out of 4 points Correct Effective management includes planning and ____. Answer Selected Answer: All of the above Correct Answer: All of the above Question 3 0 out of 4 points Incorrect ____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. Answer Selected Answer: Drones Correct Answer: Zombies Question 4 4 out of 4 points Correct Individuals with authorization and privileges to manage information within the o rganization are most likely to cause harm or damage by accident. Answer Selected Answer: True Correct Answer: True Question 5 4 out of 4 points Correct The ____ strategy attempts to prevent the exploitation of the vulnerability. Answer Selected Answer: defend control Correct Answer: defend control Question 6 4 out of 4 points Correct

The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____. Answer Selected Answer: IETF Correct Answer: IETF Question 7 0 out of 4 points Incorrect The Security Area Working Group endorses ISO/IEC 17799. Answer Selected Answer: True Correct Answer: False Question 8 0 out of 4 points Incorrect The shoulder looking technique is used in public or semipublic settings when ind ividuals gather information they are not authorized to have by looking over anot her individual s shoulder or viewing the information from a distance. Answer Selected Answer: True Correct Answer: False Question 9 4 out of 4 points Correct ____ often function as standards or procedures to be used when configuring or ma intaining systems. Answer Selected Answer: SysSPs Correct Answer: SysSPs Question 10 4 out of 4 points Correct A ____ site provides only rudimentary services and facilities. Answer Selected Answer: cold Correct Answer: cold Question 11 0 out of 4 points Incorrect Each of the threats faced by an organization must be examined to assess its pote ntial to endanger the organization and this examination is known as a threat pr ofile. Answer Selected Answer: True

Correct Answer: Question 12 4 out of 4 points

False

Correct A(n) full backup only archives the files that have been modified that day, and t hus requires less space and time than the differential. Answer Selected Answer: False Correct Answer: False Question 13 4 out of 4 points Correct What is the subject of the Sarbanes-Oxley Act? Answer Selected Answer: Financial Reporting Correct Answer: Financial Reporting Question 14 4 out of 4 points Correct Ethics define socially acceptable behaviors. Answer Selected Answer: True Correct Answer: True Question 15 4 out of 4 points Correct A Web server is often exposed to higher levels of risk when placed in the DMZ th an when it is placed in the untrusted network. Answer Selected Answer: False Correct Answer: False Question 16 4 out of 4 points Correct The National Information Infrastructure Protection Act of 1996 modified which Ac t? Answer Selected Answer: Computer Fraud and Abuse Act Correct Answer: Computer Fraud and Abuse Act Question 17 0 out of 4 points Incorrect The amount of money spent to protect an asset is based in part on the value of t he asset.

Answer Selected Answer: Correct Answer: Question 18 4 out of 4 points

False True

Correct ____ are software programs that hide their true nature, and reveal their designe d behavior only when activated. Answer Selected Answer: Trojan horses Correct Answer: Trojan horses Question 19 4 out of 4 points Correct The global information security community has universally agreed with the justif ication for the code of practices as identified in the ISO/IEC 17799. Answer Selected Answer: False Correct Answer: False Question 20 4 out of 4 points Correct The ____ security policy is a planning document that outlines the process of imp lementing security in the organization. Answer Selected Answer: program Correct Answer: program Question 21 4 out of 4 points Correct A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress. Answer Selected Answer: False Correct Answer: False Question 22 0 out of 4 points Incorrect DHS is made up of three directorates. Answer Selected Answer: True Correct Answer: False Question 23 4 out of 4 points

Correct ____ is the protocol for handling TCP traffic through a proxy server. Answer Selected Answer: SOCKS Correct Answer: SOCKS Question 24 0 out of 4 points Incorrect The SMC Barricade residential broadband router does not have an intrusion detect ion feature. Answer Selected Answer: True Correct Answer: False Question 25 4 out of 4 points Correct On the client end, a user with Windows 2000 or XP can establish a VPN by configu ring his or her system to connect to a VPN server. Answer Selected Answer: True Correct Answer: True Question 26 0 out of 4 points Incorrect If every vulnerability identified in the organization is handled through mitigat ion, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general. Answer Selected Answer: True Correct Answer: False Question 27 4 out of 4 points Correct The stated purpose of ____ is to give recommendations for information security mana gement for use by those who are responsible for initiating, implementing, or mai ntaining security in their organization. Answer Selected Answer: ISO/IEC 27002 Correct Answer: ISO/IEC 27002 Question 28 4 out of 4 points Correct The ____ of 1999 provides guidance on the use of encryption and provides protect ion from government intervention. Answer Selected Answer:

Security and Freedom through Encryption Act Correct Answer: Security and Freedom through Encryption Act Question 29 4 out of 4 points Correct Which of the following is a valid version of TACACS? Answer Selected Answer: All of the above Correct Answer: All of the above Question 30 0 out of 4 points Incorrect The standard should begin with a clear statement of purpose. Answer Selected Answer: True Correct Answer: False Question 31 4 out of 4 points Correct The Information Systems Security Association (ISSA) is a nonprofit society of in formation security professionals whose primary mission is to bring together qual ified information security practitioners for information exchange and educationa l development. Answer Selected Answer: True Correct Answer: True Question 32 4 out of 4 points Correct Recently, many states have implemented legislation making certain computer-relat ed activities illegal. Answer Selected Answer: True Correct Answer: True Question 33 4 out of 4 points Correct ____ attempts to prevent trade secrets from being illegally shared. Answer Selected Answer: Economic Espionage Act Correct Answer: Economic Espionage Act Question 34 4 out of 4 points

Correct A(n) polymorphic threat is one that over time changes the way it appears to anti virus software programs, making it undetectable by techniques that look for prec onfigured signatures. Answer Selected Answer: True Correct Answer: True Question 35 0 out of 4 points Incorrect Intellectual privacy is recognized as a protected asset in the United States. Answer Selected Answer: True Correct Answer: False Question 36 4 out of 4 points Correct SESAME may be obtained free of charge from MIT. Answer Selected Answer: False Correct Answer: False Question 37 4 out of 4 points Correct An attacker who suspects that an organization has dial-up lines can use a device called a(n) war dialer to locate the connection points. Answer Selected Answer: True Correct Answer: True Question 38 4 out of 4 points Correct Identifying human resources, documentation, and data information assets of an or ganization is less difficult than identifying hardware and software assets. Answer Selected Answer: False Correct Answer: False Question 39 4 out of 4 points Correct A content filter is technically a firewall. Answer Selected Answer: False Correct Answer: False Question 40 0 out of 4 points Incorrect Packet kiddies use automated exploits to engage in distributed denial-of-service

attacks. Answer Selected Answer: Correct Answer: Question 41 4 out of 4 points

True False

Correct A(n) ____ is an authorization issued by an organization for the repair, modifica tion, or update of a piece of equipment. Answer Selected Answer: FCO Correct Answer: FCO Question 42 4 out of 4 points Correct Hackers are people who use and create computer software to gain access to informati on illegally. Answer Selected Answer: True Correct Answer: True Question 43 4 out of 4 points Correct The Secret Service is charged with the detection and arrest of any person commit ting a United States federal offense relating to computer fraud and false identi fication crimes. Answer Selected Answer: True Correct Answer: True Question 44 4 out of 4 points Correct SP 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Informatio n Systems, must be customized to fit the particular needs of a(n) organization. Answer Selected Answer: True Correct Answer: True Question 45 4 out of 4 points Correct DoS attacks cannot be launched against routers. Answer Selected Answer: False Correct Answer: False Question 46 0 out of 4 points

Incorrect The Association for Computing Machinery and the Information Systems Security Ass ociation have the authority to banish violators of their ethical standards from practicing their trade. Answer Selected Answer: True Correct Answer: False Question 47 4 out of 4 points Correct Strategic planning is the process of moving the organization towards its ____. Answer Selected Answer: vision Correct Answer: vision Question 48 4 out of 4 points Correct In a ____ attack, the attacker sends a large number of connection or information requests to a target. Answer Selected Answer: denial-of-service Correct Answer: denial-of-service Question 49 4 out of 4 points Correct A data custodian works directly with data owners and is responsible for the stor age, maintenance, and protection of the information. Answer Selected Answer: True Correct Answer: True Question 50 4 out of 4 points Correct Policies are written instructions for accomplishing a specific task. Answer Selected Answer: False Correct Answer: False Question 51 4 out of 4 points Correct The policy administrator is responsible for the creation, revision, distribution , and storage of the policy. Answer Selected Answer: True Correct Answer: True Question 52

4 out of 4 points Correct Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality s ethical beha vior violates the ethics of another national group. Answer Selected Answer: True Correct Answer: True Question 53 4 out of 4 points Correct ____ of information is the quality or state of being genuine or original. Answer Selected Answer: Authenticity Correct Answer: Authenticity Question 54 4 out of 4 points Correct A firewall can be a single device or a firewall extranet, which consists of mult iple firewalls creating a buffer between the outside and inside networks. Answer Selected Answer: False Correct Answer: False Question 55 0 out of 4 points Incorrect The macro virus infects the key operating system files located in a computer s boot sector. Answer Selected Answer: True Correct Answer: False Question 56 0 out of 4 points Incorrect Due care requires that an organization make a valid effort to protect others and continually maintain this level of effort. Answer Selected Answer: True Correct Answer: False Question 57 4 out of 4 points Correct ISO/IEC 17799 is more useful than any other information security management appr oach. Answer Selected Answer: False

Correct Answer: Question 58 4 out of 4 points

False

Correct Which of the following is a valid type of data ownership? Answer Selected Answer: All of the above Correct Answer: All of the above Question 59 4 out of 4 points Correct Redundancy can be implemented at a number of points throughout the security arch itecture, such as in ____. Answer Selected Answer: All of the above Correct Answer: All of the above Question 60 4 out of 4 points Correct ____ controls cover security processes that are designed by strategic planners a nd implemented by the security administration of the organization. Answer Selected Answer: Managerial Correct Answer: Managerial Question 61 4 out of 4 points Correct Civil law addresses activities and conduct harmful to society and is actively en forced by the state. Answer Selected Answer: False Correct Answer: False Question 62 4 out of 4 points Correct A mail bomb is a form of DoS. Answer Selected Answer: True Correct Answer: True Question 63 4 out of 4 points Correct

Firewall Rule Set 1 states that responses to internal requests are not allowed. Answer Selected Answer: False Correct Answer: False Question 64 0 out of 4 points Incorrect Network security focuses on the protection of the details of a particular operat ion or series of activities. Answer Selected Answer: True Correct Answer: False Question 65 4 out of 4 points Correct Leaving unattended computers on is one of the top information security mistakes made by individuals. Answer Selected Answer: True Correct Answer: True Question 66 4 out of 4 points Correct Information security safeguards provide two levels of control: managerial and re medial. Answer Selected Answer: False Correct Answer: False Question 67 0 out of 4 points Incorrect ____ generates and issues session keys in Kerberos. Answer Selected Answer: TGS Correct Answer: KDC Question 68 4 out of 4 points Correct The ____ is an intermediate area between a trusted network and an untrusted netw ork. Answer Selected Answer: DMZ Correct Answer: DMZ Question 69 4 out of 4 points

Correct ____ firewalls are designed to operate at the media access control sublayer of t he data link layer of the OSI network model. Answer Selected Answer: MAC layer Correct Answer: MAC layer Question 70 4 out of 4 points Correct Address grants prohibit packets with certain addresses or partial addresses from passing through the device. Answer Selected Answer: False Correct Answer: False Question 71 4 out of 4 points Correct Of the two approaches to information security implementation, the top-down appro ach has a higher probability of success. Answer Selected Answer: True Correct Answer: True Question 72 4 out of 4 points Correct Privacy is not absolute freedom from observation, but rather is a more precise e of being free from unsanctioned intrusion. Answer Selected Answer: True Correct Answer: True Question 73 0 out of 4 points Incorrect HIPAA specifies particular security technologies for each of the security requir ements to ensure the privacy of the health-care information. Answer Selected Answer: True Correct Answer: False Question 74 4 out of 4 points Correct The security blueprint is the basis for the design, selection, and implementatio n of all security program elements including such things as policy implementatio n and ongoing policy management. Answer Selected Answer: True Correct Answer: True stat

Question 75 4 out of 4 points Correct A cold site provides many of the same services and options of a hot site. Answer Selected Answer: False Correct Answer: False Question 76 4 out of 4 points Correct The gateway router can be used as the front-line defense against attacks, as it can be configured to allow only set types of protocols to enter. Answer Selected Answer: True Correct Answer: True Question 77 4 out of 4 points Correct ____-based IDPSs look at patterns of network traffic and attempt to detect unusu al activity based on previous baselines. Answer Selected Answer: Network Correct Answer: Network Question 78 4 out of 4 points Correct Sniffers often work on TCP/IP networks, where they rs. Answer Selected Answer: True Correct Answer: True Question 79 4 out of 4 points Correct Standards may be published, scrutinized, and ratified by a group, as in formal o r ____ standards. Answer Selected Answer: de jure Correct Answer: de jure Question 80 0 out of 4 points Incorrect Some firewalls can filter packets by protocol name. Answer re sometimes called packet sniffe

Selected Answer: Correct Answer:

False True