
Question1

Marks: 1

Corrective action decisions are usually expressed in terms of trade-offs. Answer: True False

Correct Marks for this submission: 1/1.

Question2
Marks: 1

Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group. Answer: True False

Correct Marks for this submission: 1/1.

Question3
Marks: 1

Laws and policies and their associated penalties only deter if which of the following conditions is present? Choose one answer.
a. Fear of penalty
b. Probability of being caught
c. Probability of penalty being administered
d. All of the above

Correct Marks for this submission: 1/1.

Question4
Marks: 1

Privacy is not absolute freedom from observation, but rather is a more precise state of being free from unsanctioned intrusion. Answer: True False

Correct Marks for this submission: 1/1.

Question5
Marks: 1

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. Choose one answer.
a. NIDPSs
b. HIDPSs
c. AppIDPSs
d. SIDPSs

Correct Marks for this submission: 1/1.

Question6
Marks: 1

The ____ layer of the bull's-eye model receives attention last. Choose one answer.
a. Policies
b. Networks
c. Systems
d. Applications

Correct Marks for this submission: 1/1.

Question7
Marks: 1

Ethics define socially acceptable behaviors. Answer: True False

Correct Marks for this submission: 1/1.

Question8
Marks: 1

Enticement is the action of luring an individual into committing a crime to get a conviction. Answer: True False

Correct Marks for this submission: 1/1.

Question9
Marks: 1

System Administration, Networking, and Security Organization is better known as ____. Choose one answer.
a. SANO
b. SAN
c. SANS
d. SANSO

Correct Marks for this submission: 1/1.

Question10
Marks: 1

Criminal or unethical ____ goes to the state of mind of the individual performing the act. Choose one answer.

a. attitude
b. intent
c. accident
d. ignorance

Correct Marks for this submission: 1/1.

Question11
Marks: 1

A(n) capability table specifies which subjects and objects users or groups can access. Answer: True False

Correct Marks for this submission: 1/1.

Question12
Marks: 1

Compared to Web site defacement, vandalism within a network is less malicious in intent and more public. Answer: True False

Correct Marks for this submission: 1/1.

Question13
Marks: 1

A cybernetic loop ensures that progress is measured periodically. Answer: True False

Correct Marks for this submission: 1/1.

Question14
Marks: 1

Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? Choose one answer.
a. Electronic Communications Privacy Act
b. Financial Services Modernization Act
c. Sarbanes-Oxley Act
d. Economic Espionage Act

Correct Marks for this submission: 1/1.

Question15
Marks: 1

A maintenance model such as the ISO model deals with methods to manage and operate systems. Answer: True False

Correct Marks for this submission: 1/1.

Question16
Marks: 1

Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses? Choose one answer.
a. Electronic Communications Privacy Act of 1986
b. Freedom of Information Act (FOIA)
c. Computer Fraud and Abuse Act
d. Federal Privacy Act of 1974

Correct Marks for this submission: 1/1.

Question17
Marks: 1

Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created. Answer: True False

Correct Marks for this submission: 1/1.

Question18
Marks: 1

There are ____ common vulnerability assessment processes. Choose one answer.
a. two
b. three
c. four
d. five

Correct Marks for this submission: 1/1.

Question19
Marks: 1

Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way. Answer: True False

Correct Marks for this submission: 1/1.

Question20
Marks: 1

A padded cell is a hardened honeynet. Answer: True False

Correct Marks for this submission: 1/1.

Question21
Marks: 1

A computer is the ____ of an attack when it is used to conduct the attack. Choose one answer.
a. subject
b. object
c. target
d. facilitator

Correct Marks for this submission: 1/1.

Question22
Marks: 1

Administrators provide the policies, guidelines and standards in the Schwartz, Erwin, Weafer, and Briney classification. Answer: True False

Correct Marks for this submission: 1/1.

Question23
Marks: 1

Carbon dioxide systems rob fire of its oxygen. Answer: True False

Correct Marks for this submission: 1/1.

Question24

Marks: 1

The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use. Choose one answer.
a. DES
b. RSA
c. MAC
d. AES

Correct Marks for this submission: 1/1.

Question25
Marks: 1

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Answer: True False

Correct Marks for this submission: 1/1.

Question26
Marks: 1

____ are hired by the organization to serve in a temporary position or to supplement the existing workforce. Choose one answer.
a. Temporary employees
b. Consultants
c. Contractors
d. Self-employees

Correct Marks for this submission: 1/1.

Question27
Marks: 1

____ are encrypted messages that can be mathematically proven to be authentic. Choose one answer.
a. Digital signatures
b. MAC
c. Message certificates
d. Message digests

Correct Marks for this submission: 1/1.

Question28
Marks: 1

A(n) ____ IDPS is focused on protecting network information assets. Choose one answer.
a. network-based
b. host-based
c. application-based
d. server-based

Correct Marks for this submission: 1/1.

Question29
Marks: 1

In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization. Choose one answer.

a. loop
b. direct
c. parallel
d. pilot

Correct Marks for this submission: 1/1.

Question30
Marks: 1

____ involves a wide variety of computing sites that are distant from the base organizational facility and includes all forms of telecommuting. Choose one answer.
a. Remote site computing
b. Telecommuting
c. Remote working
d. Hot site computing

Correct Marks for this submission: 1/1.

Question31
Marks: 1

All of the existing certifications are fully understood by hiring organizations. Answer: True False

Correct Marks for this submission: 1/1.

Question32
Marks: 1

NIST documents can assist in the design of a security framework. Answer: True False

Correct Marks for this submission: 1/1.

Question33
Marks: 1

A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Choose one answer.
a. denial-of-service
b. distributed denial-of-service
c. virus
d. spam

Correct Marks for this submission: 1/1.

Question34
Marks: 1

Which of the following phases is the longest and most expensive phase of the systems development life cycle? Choose one answer.
a. investigation
b. logical design
c. implementation
d. maintenance and change

Correct Marks for this submission: 1/1.

Question35
Marks: 1

A breach of possession always results in a breach of confidentiality. Answer: True False

Correct Marks for this submission: 1/1.

Question36
Marks: 1

A(n) exposure factor is the expected percentage of loss that would occur from a particular attack. Answer: True False

Correct Marks for this submission: 1/1.

Question37
Marks: 1

An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization. Choose one answer.
a. software
b. hardware
c. data
d. All of the above

Correct Marks for this submission: 1/1.

Question38
Marks: 1

A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. Answer: True False

Correct Marks for this submission: 1/1.

Question39
Marks: 1

There are generally two skill levels among hackers: expert and ____. Choose one answer.
a. novice
b. journeyman
c. packet monkey
d. professional

Correct Marks for this submission: 1/1.

Question40
Marks: 1

Address grants prohibit packets with certain addresses or partial addresses from passing through the device. Answer: True False

Correct Marks for this submission: 1/1.

Question41
Marks: 1

A buffer against outside attacks is frequently referred to as a(n) ____. Choose one answer.
a. proxy server
b. no-man's land
c. DMZ
d. firewall

Correct Marks for this submission: 1/1.

Question42
Marks: 1

Information security can be an absolute. Answer: True False

Correct Marks for this submission: 1/1.

Question43
Marks: 1

Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator. Answer: True False

Correct Marks for this submission: 1/1.

Question44
Marks: 1

Guards can evaluate each situation as it arises and make reasoned responses. Answer: True False

Correct Marks for this submission: 1/1.

Question45
Marks: 1

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. Answer: True False

Correct Marks for this submission: 1/1.

Question46
Marks: 1

ISACA stands for Information Systems Automation and Control Association. Answer: True False

Correct Marks for this submission: 1/1.

Question47
Marks: 1

Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. Choose one answer.
a. passive
b. active
c. reactive
d. dynamic

Correct Marks for this submission: 1/1.

Question48
Marks: 1

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation. Choose one answer.
a. avoidance of risk
b. transference
c. mitigation
d. accept control

Correct Marks for this submission: 1/1.

Question49
Marks: 1

The ____ program focuses more on building trusted networks, including biometrics and PKI. Choose one answer.
a. NFC
b. SCNP
c. PKI
d. SCNA

Correct Marks for this submission: 1/1.

Question50
Marks: 1

CERTs stands for computer emergency recovery teams. Answer: True False

Correct Marks for this submission: 1/1.

Question51
Marks: 1

A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. Choose one answer.
a. signature
b. MAC
c. fingerprint
d. digest

Correct Marks for this submission: 1/1.

Question52
Marks: 1

A VPN allows a user to use the Internet into a private network. Answer: True False

Correct Marks for this submission: 1/1.

Question53
Marks: 1

The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future. Choose one answer.
a. direct changeover
b. wrap-up
c. phased implementation
d. pilot implementation

Correct Marks for this submission: 1/1.

Question54
Marks: 1

Digital forensics helps the organization understand what happened and how. Answer: True False

Correct Marks for this submission: 1/1.

Question55
Marks: 1

Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product. Choose one answer.
a. security
b. reliability
c. accessibility
d. availability

Correct Marks for this submission: 1/1.

Question56
Marks: 1

Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes, performing all the day-to-day work. Answer: True False

Correct Marks for this submission: 1/1.

Question57
Marks: 1

Deterrence can prevent an illegal or unethical activity from occurring. Answer: True False

Correct Marks for this submission: 1/1.

Question58
Marks: 1

A service bureau is an agency that provides a service for a fee. Answer: True False

Correct Marks for this submission: 1/1.

Question59
Marks: 1

Each CISSP concentration exam consists of 25 to 50 questions. Answer: True False

Correct Marks for this submission: 1/1.

Question60
Marks: 1

Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI's Cleveland Field Office and local technology professionals. Answer: True False

Correct Marks for this submission: 1/1.

Question61
Marks: 1

In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____. Choose one answer.
a. UDPs
b. MACs
c. WANs
d. WAPs

Correct Marks for this submission: 1/1.

Question62
Marks: 1

A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. Answer: True False

Correct Marks for this submission: 1/1.

Question63
Marks: 1

The primary mailing list, called simply ____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists. Choose one answer.
a. Bug
b. Bugfix
c. Buglist
d. Bugtraq

Correct Marks for this submission: 1/1.

Question64
Marks: 1

First generation firewalls are application-level firewalls. Answer: True False

Correct Marks for this submission: 1/1.

Question65
Marks: 1

The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange. Choose one answer.
a. Customer
b. Health Insurance
c. Computer
d. Telecommunications

Correct Marks for this submission: 1/1.

Question66
Marks: 1

UN-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities. Answer: True False

Correct Marks for this submission: 1/1.

Question67
Marks: 1

Attackers may conduct an encrypted-plaintext attack by sending potential victims a specific text that they are sure the victims will forward on to others. Answer: True False

Correct Marks for this submission: 1/1.

Question68
Marks: 1

Most information security projects require a trained project CEO. Answer: True False

Correct Marks for this submission: 1/1.

Question69
Marks: 1

A(n) man-in-the-middle attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key. Answer: True False

Correct Marks for this submission: 1/1.

Question70
Marks: 1

Cold detectors measure rates of change in the ambient temperature in the room. Answer: True False

Correct Marks for this submission: 1/1.

Question71
Marks: 1

The ____ mailing list includes announcements and discussion of an open-source IDPS. Choose one answer.
a. Nmap-hackers
b. Packet Storm
c. Security Focus
d. Snort-sigs

Correct Marks for this submission: 1/1.

Question72

Marks: 1

In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time. Choose one answer.
a. fixed temperature
b. permanent temperature
c. fixed rate
d. rate-of-rise

Correct Marks for this submission: 1/1.

Question73
Marks: 1

The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources. Choose one answer.
a. defense
b. assessment
c. security
d. information

Correct Marks for this submission: 1/1.

Question74
Marks: 1

A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company. Answer: True False

Correct Marks for this submission: 1/1.

Question75
Marks: 1

All liquid systems are designed to apply liquid, usually water, to all areas in which a fire has been detected. Answer: True False

Correct Marks for this submission: 1/1.

Question76
Marks: 1

More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions. Choose one answer.
a. multialphabetic
b. monoalphabetic
c. polyalphabetic
d. polynomic

Correct Marks for this submission: 1/1.

Question77
Marks: 1

The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Choose one answer.
a. Bug/CERT
b. Bugtraq/CERT
c. CC/CERT
d. CERT/CC

Correct Marks for this submission: 1/1.

Question78
Marks: 1

What is the subject of the Sarbanes-Oxley Act? Choose one answer.
a. Banking
b. Financial Reporting
c. Privacy
d. Trade secrets

Correct Marks for this submission: 1/1.

Question79
Marks: 1

Many information security professionals enter the field from traditional ____ assignments. Choose one answer.
a. HR
b. BA
c. IT
d. All of the above

Correct Marks for this submission: 1/1.

Question80
Marks: 1

A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. Answer: True False

Correct Marks for this submission: 1/1.

Question81
Marks: 1

The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees. Choose one answer.
a. CIO
b. CISCO
c. CISO
d. end users

Correct Marks for this submission: 1/1.

Question82
Marks: 1

____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. Choose one answer.
a. Hash
b. Map
c. Key
d. Encryption

Correct Marks for this submission: 1/1.

Question83
Marks: 1

Electronic monitoring includes ____ systems. Choose one answer.
a. blocked video
b. local video
c. open-circuit television
d. closed-circuit television

Correct Marks for this submission: 1/1.

Question84
Marks: 1

A mail bomb is a form of DoS. Answer: True False

Correct Marks for this submission: 1/1.

Question85
Marks: 1

A certificate authority should actually be categorized as a software security component. Answer: True False

Correct Marks for this submission: 1/1.

Question86
Marks: 1

In many organizations, information security teams lack established roles and responsibilities. Answer: True False

Correct Marks for this submission: 1/1.

Question87
Marks: 1

A(n) distinguished name uniquely identifies a certificate entity, to a user's public key. Answer: True False

Correct Marks for this submission: 1/1.

Question88
Marks: 1

Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____. Choose one answer.
a. SSL
b. SLA
c. MSL
d. MIN

Correct Marks for this submission: 1/1.

Question89
Marks: 1

All systems that are mission critical should be enrolled in PSV measurement. Answer: True False

Correct Marks for this submission: 1/1.

Question90
Marks: 1

The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete. Choose one answer.

a. intermediate step
b. resource
c. milestone
d. deliverable

Correct Marks for this submission: 1/1.

Question91
Marks: 1

The most sophisticated locks are ____ locks. Choose one answer.
a. manual
b. programmable
c. electronic
d. biometric

Correct Marks for this submission: 1/1.

Question92
Marks: 1

A(n) perimeter is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. Answer: True False

Correct Marks for this submission: 1/1.

Question93
Marks: 1

An alert ____ is a document containing contact information for the people to be notified in the event of an incident. Choose one answer.
a. message
b. roster
c. plan
d. list

Correct Marks for this submission: 1/1.

Question94
Marks: 1

The ____ involves collecting information about an organization's objectives, its technical architecture, and its information security environment. Choose one answer.
a. SISC
b. SecSDLC
c. DLC
d. SIDLC

Correct Marks for this submission: 1/1.

Question95
Marks: 1

A(n) ____ is a statement of the boundaries of the RA. Choose one answer.
a. scope
b. disclaimer
c. footer
d. head

Correct Marks for this submission: 1/1.

Question96
Marks: 1

A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. Answer: True False

Correct Marks for this submission: 1/1.

Question97
Marks: 1

GIAC stands for Global Information Architecture Certification. Answer: True False

Correct Marks for this submission: 1/1.

Question98
Marks: 1

A(n) ____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. Choose one answer.
a. SVPN
b. VPN
c. SESAME
d. KERBES

Correct Marks for this submission: 1/1.

Question99
Marks: 1

Firewalls fall into ____ major processing-mode categories. Choose one answer.
a. two
b. three
c. four
d. five

Correct Marks for this submission: 1/1.

Question100
Marks: 1

The most successful kind of top-down approach involves a formal development strategy referred to as a ____. Choose one answer.
a. systems design
b. development life project
c. systems development life cycle
d. systems schema

Correct Marks for this submission: 1/1.

Question101
Marks: 1

UPS devices typically run up to ____ VA. Choose one answer.
a. 100
b. 250
c. 500
d. 1,000

Correct Marks for this submission: 1/1.

Question102
Marks: 1

Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) ____. Choose one answer.
a. kneespace
b. attic
c. plenum
d. padding

Correct Marks for this submission: 1/1.

Question103
Marks: 1

Smoke detection systems are perhaps the most common means of detecting a potentially dangerous fire, and they are required by building codes in most residential dwellings and commercial buildings. Answer: True False

Correct Marks for this submission: 1/1.

Question104
Marks: 1

Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility. Choose one answer.

a. benefit
b. appetite
c. acceptance
d. avoidance

Correct Marks for this submission: 1/1.

Question105
Marks: 1

Which of the following is an example of a Trojan horse program? Choose one answer.
a. Netsky
b. MyDoom
c. Klez
d. Happy99.exe

Correct Marks for this submission: 1/1.

Question106
Marks: 1

A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms. Answer: True False

Correct Marks for this submission: 1/1.

Question107
Marks: 1

A study of information security positions, done by Schwartz, Erwin, Weafer, and Briney, found that positions can be classified into one of ____ areas. Choose one answer.
a. two
b. three
c. four
d. five

Correct Marks for this submission: 1/1.

Question108
Marks: 1

DMZ is the primary way to secure an organization's networks. Answer: True False

Correct Marks for this submission: 1/1.

Question109
Marks: 1

Program-specific policies address the specific implementations or applications of which users should be aware. Answer: True False

Correct Marks for this submission: 1/1.

Question110
Marks: 1

The military uses a _____-level classification scheme. Choose one answer.
a. three
b. four
c. five
d. six

Correct Marks for this submission: 1/1.

Question111
Marks: 1

The Lewin change model consists of ____. Choose one answer.
a. unfreezing
b. moving
c. refreezing
d. All of the above

Correct Marks for this submission: 1/1.

Question112
Marks: 1

A sniffer program shows all the data going by on a network segment, including passwords, the data inside files, such as word-processing documents, and screens full of sensitive data from applications. Answer: True False

Correct Marks for this submission: 1/1.

Question113
Marks: 1

Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident. Choose one answer.
a. assessment
b. evaluation
c. recovery
d. plan

Correct Marks for this submission: 1/1.

Question114
Marks: 1

Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet. Answer: True False

Correct Marks for this submission: 1/1.

Question115
Marks: 1

People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role. Choose one answer.
a. security policy developers
b. security professionals
c. system administrators
d. end users

Correct Marks for this submission: 1/1.

Question116
Marks: 1

A HIDPS can monitor systems logs for predefined events. Answer: True False

Correct Marks for this submission: 1/1.

Question117
Marks: 1

Technical controls are the tactical and technical implementations of security in the organization. Answer: True False

Correct Marks for this submission: 1/1.

Question118
Marks: 1

An effective information security governance program requires constant change. Answer: True False

Correct Marks for this submission: 1/1.

Question119
Marks: 1

Many corporations use a ____ to help secure the confidentiality and integrity of information. Choose one answer.
a. system classification scheme
b. data restoration scheme
c. data hierarchy
d. data classification scheme

Correct Marks for this submission: 1/1.

Question120
Marks: 1

Intellectual property is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas. Answer: True False

Correct Marks for this submission: 1/1.

Question121
Marks: 1

A cold site provides many of the same services and options of a hot site. Answer: True False

Correct Marks for this submission: 1/1.

Question122
Marks: 1

ISO 27001 Information Security Handbook: A Guide for Managers provides managerial guidance for the establishment and implementation of an information security program. Answer: True False

Correct Marks for this submission: 1/1.

Question123
Marks: 1

The first phase of risk management is ____. Choose one answer.
a. risk identification
b. design
c. risk control
d. risk evaluation

Correct Marks for this submission: 1/1.

Question124
Marks: 1

Telnet protocol packets usually go to TCP port ____. Choose one answer.
a. 7
b. 8
c. 14
d. 23

Correct Marks for this submission: 1/1.

Question125
Marks: 1

The applicant for the CISM must provide evidence of ____ years of professional work experience in the field of information security, with a waiver or substitution of up to two years for education or previous certification. Choose one answer.
a. five
b. eight
c. ten
d. twelve

Correct Marks for this submission: 1/1.

Question126
Marks: 1

Access control is achieved by means of a combination of policies, programs, and technologies. Answer: True False

Correct Marks for this submission: 1/1.

Question127
Marks: 1

A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations. Answer: True False

Correct Marks for this submission: 1/1.

Question128
Marks: 1

____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. Choose one answer.
a. Drones
b. Helpers
c. Zombies
d. Servants

Correct Marks for this submission: 1/1.

Question129
Marks: 1

Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____. Choose one answer.
a. DMZ
b. SDLC
c. WBS
d. JAD

Correct Marks for this submission: 1/1.

Question130
Marks: 1

Privacy Enhanced Mail was proposed by the Internet Engineering Task Force and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures. Answer: True False

Correct Marks for this submission: 1/1.

Question131
Marks: 1

Complete loss of power for a moment is known as a ____. Choose one answer.
a. sag
b. fault
c. brownout
d. blackout

Correct Marks for this submission: 1/1.

Question132
Marks: 1

The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. Choose one answer.
a. Violence
b. Fraud
c. Theft
d. Usage

Correct Marks for this submission: 1/1.

Question133
Marks: 1

The restrictions most commonly implemented in packet-filtering firewalls are based on ____. Choose one answer.
a. IP source and destination address
b. Direction (inbound or outbound)
c. TCP or UDP source and destination port requests
d. All of the above

Correct Marks for this submission: 1/1.

Question134
Marks: 1

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. Answer: True False

Correct Marks for this submission: 1/1.

Question135
Marks: 1

A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. Answer: True False

Correct Marks for this submission: 1/1.

Question136
Marks: 1

____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter. Choose one answer.
a. Crowdsurfing
b. Tailgating
c. Freeloading
d. Hitchhiking

Correct Marks for this submission: 1/1.

Question137
Marks: 1

Effective management includes planning and ____. Choose one answer.
a. organizing
b. leading
c. controlling
d. All of the above

Correct Marks for this submission: 1/1.

Question138
Marks: 1

The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention. Choose one answer.
a. Sarbanes-Oxley Act
b. Gramm-Leach-Bliley Act
c. U.S.A. Patriot Act
d. Security and Freedom through Encryption Act

Correct Marks for this submission: 1/1.

Question139
Marks: 1

A starting scanner is one that initiates traffic on the network in order to determine security holes. Answer: True False

Correct Marks for this submission: 1/1.

Question140
Marks: 1

Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach. Answer: True False

Correct Marks for this submission: 1/1.

Question141
Marks: 1

One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. Choose one answer.
a. hacktivist
b. phvist
c. hackcyber
d. cyberhack

Correct Marks for this submission: 1/1.

Question142
Marks: 1

Every organization needs to develop an information security department or program of its own. Answer: True False

Incorrect Marks for this submission: 0/1.

Question143
Marks: 1

Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. Answer: True False

Incorrect Marks for this submission: 0/1.

Question144
Marks: 1

The ____ position is typically considered the top information security officer in the organization. Choose one answer.
a. CISO
b. CFO
c. CTO
d. CEO

Correct Marks for this submission: 1/1.

Question145
Marks: 1

CBAs cannot be calculated after controls have been functioning for a time. Answer: True False

Correct Marks for this submission: 1/1.

Question146
Marks: 1

Which of the following is a valid type of data ownership? Choose one answer.
a. Data owners
b. Data custodians
c. Data users
d. All of the above

Correct Marks for this submission: 1/1.

Question147
Marks: 1

The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission. Choose one answer.
a. Standard HTTP
b. SFTP
c. S-HTTP
d. SSL Record Protocol

Correct Marks for this submission: 1/1.
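The record-layer steps named in the question (fragment the cleartext, compress, protect, then prepend a record header) are easy to see in code. The block below is an added example, not material from the quiz or its textbook; it is modelled on the TLS 1.0 record layer that succeeded SSL's record protocol, and it assumes the null compression method and a NULL cipher with HMAC-SHA1 integrity so that it runs with the standard library alone. The key and sample message are constructed.

```python
"""Toy record layer in the style of the SSL/TLS Record Protocol (added example)."""
import hashlib
import hmac
import struct
from typing import List, Tuple

MAX_FRAGMENT = 2 ** 14                  # record layer fragments cleartext into <= 16384-byte pieces
APPLICATION_DATA = 23                   # content-type byte for application data
VERSION = (3, 1)                        # version bytes written into each record header (TLS 1.0 = 3.1)
MAC_LEN = hashlib.sha1().digest_size    # 20 bytes of HMAC-SHA1 appended to every fragment


def fragment(data: bytes, max_len: int = MAX_FRAGMENT) -> List[bytes]:
    """Step 1, fragmentation: split the cleartext into record-sized pieces."""
    if not data:
        return [b""]
    return [data[i:i + max_len] for i in range(0, len(data), max_len)]


def record_mac(key: bytes, seq: int, ctype: int, version: Tuple[int, int], frag: bytes) -> bytes:
    """MAC over sequence number, type, version, length and the fragment itself, so a
    record cannot be altered, reordered or replayed without the receiver noticing."""
    authed = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(frag)) + frag
    return hmac.new(key, authed, hashlib.sha1).digest()


def build_records(key: bytes, data: bytes, ctype: int = APPLICATION_DATA, seq_start: int = 0) -> List[bytes]:
    """Sender side: fragment -> (null compression) -> protect -> attach the 5-byte header."""
    records = []
    for offset, frag in enumerate(fragment(data)):
        seq = seq_start + offset
        # Compression: the null method leaves the fragment unchanged.
        # Encryption: a NULL cipher is assumed here, so the protected body is
        # fragment || MAC, laid out as a stream-cipher suite would before encrypting.
        body = frag + record_mac(key, seq, ctype, VERSION, frag)
        header = struct.pack("!BBBH", ctype, VERSION[0], VERSION[1], len(body))
        records.append(header + body)
    return records


def parse_records(key: bytes, stream: bytes, seq_start: int = 0) -> bytes:
    """Receiver side: walk the stream record by record, verify each MAC and
    reassemble the cleartext. Raises ValueError on truncation or tampering."""
    out, pos, seq = bytearray(), 0, seq_start
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, vmaj, vmin, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError("truncated record body")
        frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(tag, record_mac(key, seq, ctype, (vmaj, vmin), frag)):
            raise ValueError(f"MAC check failed on record {seq}")
        out += frag
        pos += 5 + length
        seq += 1
    return bytes(out)


def tamper_detected(key: bytes, stream: bytes) -> bool:
    """True if the receiver rejects the stream (used to show reorder/modify detection)."""
    try:
        parse_records(key, stream)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    KEY = b"constructed-mac-key"               # constructed; a real suite derives this from the handshake
    msg = b"A" * 40000                         # constructed 40 KB message -> three records
    recs = build_records(KEY, msg)
    print(len(recs), "records; first is", len(recs[0]), "bytes")
    print("round trip ok:", parse_records(KEY, b"".join(recs)) == msg)
    print("reordered stream rejected:", tamper_detected(KEY, recs[1] + recs[0] + recs[2]))
```

Because the sequence number is part of the MAC input but is never sent on the wire, swapping two records or replaying an old one fails verification even though each record's own bytes are intact; that is why the receiver tracks the expected sequence number itself.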

Question148
Marks: 1

The model used often by large organizations places the information security department within the ____ department. Choose one answer.
a. management
b. information technology
c. financial
d. production

Correct Marks for this submission: 1/1.

Question149
Marks: 1

The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates. Choose one answer.
a. CRL
b. RA
c. MAC
d. AES

Incorrect Marks for this submission: 0/1.

Question150
Marks: 1

The application gateway is also known as a(n) ____. Choose one answer.
a. application-level firewall
b. client firewall
c. proxy firewall
d. All of the above

Correct Marks for this submission: 1/1.

Question151
Marks: 1

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. Choose one answer.
a. fingernails
b. fingerprints
c. signatures
d. footprints

Correct Marks for this submission: 1/1.
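What "comparing measured activity to known signatures" looks like in practice, as an added example (this is not code from the quiz or its textbook): a small knowledge base of constructed signatures is run over constructed sample packets, and the payload is percent-decoded before matching, because an encoded traversal such as `%2e%2e/` would otherwise slip past a rule written for `../`. The signature IDs, rule patterns and packets are all hypothetical.

```python
"""Signature matching the way a knowledge-based NIDPS does it (added example)."""
import re
import urllib.parse
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Signature:
    sid: int                    # signature id in the knowledge base (hypothetical numbering)
    name: str
    proto: str                  # transport protocol the rule applies to
    dst_port: Optional[int]     # None means any destination port
    content: re.Pattern         # byte pattern searched for in the payload


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int
    payload: bytes


# Hypothetical knowledge base; the patterns are constructed for this example.
SIGNATURES = [
    Signature(1001, "HTTP directory traversal", "tcp", 80, re.compile(rb"\.\./\.\./")),
    Signature(1002, "SQL tautology in request", "tcp", 80, re.compile(rb"(?i)'\s*or\s*'1'\s*=\s*'1")),
    Signature(1003, "Telnet root login attempt", "tcp", 23, re.compile(rb"(?im)^login:\s*root")),
]

# Constructed sample traffic (not captured data).
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "10.0.0.80", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("198.51.100.7", "10.0.0.80", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("203.0.113.9", "10.0.0.80", "tcp", 80, b"GET /login?user=admin' OR '1'='1 HTTP/1.1\r\n\r\n"),
    Packet("203.0.113.9", "10.0.0.80", "tcp", 80, b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("192.0.2.4", "10.0.0.53", "udp", 53, b"\x00\x01../../"),   # wrong protocol and port: no match
]


def normalize(payload: bytes) -> bytes:
    """Percent-decode so an encoded traversal ("%2e%2e/") hits the same rule as "../"."""
    return urllib.parse.unquote_to_bytes(payload)


def match_packet(pkt: Packet, sigs: List[Signature], do_normalize: bool = True) -> List[Signature]:
    """Return every signature whose protocol, port and content constraints the packet satisfies."""
    data = normalize(pkt.payload) if do_normalize else pkt.payload
    return [
        s for s in sigs
        if s.proto == pkt.proto
        and (s.dst_port is None or s.dst_port == pkt.dst_port)
        and s.content.search(data)
    ]


def scan(packets: List[Packet], sigs: List[Signature], do_normalize: bool = True) -> List[Tuple[int, str, str, str, int]]:
    """Compare observed traffic with the knowledge base and return one alert per hit."""
    alerts = []
    for pkt in packets:
        for s in match_packet(pkt, sigs, do_normalize):
            alerts.append((s.sid, s.name, pkt.src, pkt.dst, pkt.dst_port))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_PACKETS, SIGNATURES):
        print(alert)
    print("without normalization:", [a[0] for a in scan(SAMPLE_PACKETS, SIGNATURES, do_normalize=False)])
```

The decoding step is the practical lesson: a signature engine only sees what is in its knowledge base, so traffic has to be canonicalized into the form the signatures were written for, and anything genuinely novel will produce no alert at all.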

Question152
Marks: 1

A(n) ____ is a proposed systems user. Choose one answer.
a. authenticator
b. challenger
c. supplicant
d. activator

Incorrect Marks for this submission: 0/1.

Question153
Marks: 1

Which of the following ports is commonly used for the HTTP protocol? Choose one answer.
a. 20
b. 25
c. 53
d. 80

Correct Marks for this submission: 1/1.

Question154
Marks: 1

The ____ model consists of six general phases. Choose one answer.
a. pitfall
b. 5SA&D
c. waterfall
d. SysSP

Correct Marks for this submission: 1/1.

Question155
Marks: 1

Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. Answer: True False

Correct Marks for this submission: 1/1.

Question156
Marks: 1

Civil law addresses activities and conduct harmful to society and is actively enforced by the state. Answer: True False

Correct Marks for this submission: 1/1.

Question157
Marks: 1

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. Answer: True False

Correct Marks for this submission: 1/1.

Question158
Marks: 1

ALE determines whether or not a particular control alternative is worth its cost. Answer: True False

Correct Marks for this submission: 1/1.

Question159
Marks: 1

____ are software programs that hide their true nature, and reveal their designed behavior only when activated. Choose one answer.
a. Viruses
b. Worms
c. Spam
d. Trojan horses

Correct Marks for this submission: 1/1.

Question160
Marks: 1

A wet-pipe system is usually considered appropriate in computer rooms. Answer: True False

Incorrect Marks for this submission: 0/1.

Question161
Marks: 1

The ____ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization. Choose one answer.
a. ASP
b. ISP
c. SVP
d. PSV

Correct Marks for this submission: 1/1.

Question162
Marks: 1

HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information. Answer: True False

Correct Marks for this submission: 1/1.

Question163
Marks: 1

A(n) registration authority issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other identifying information. Answer: True False

Correct Marks for this submission: 1/1.

Question164
Marks: 1

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan. Answer: True False

Correct Marks for this submission: 1/1.

Question165
Marks: 1

Grounding ensures that the returning flow of current is properly discharged to the ground. Answer: True False

Correct Marks for this submission: 1/1.

Question166
Marks: 1

A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employees' actions. Answer: True False

Correct Marks for this submission: 1/1.

Question167
Marks: 1

As an alternative view of the way data flows into the monitoring process, a(n) ____ approach may prove useful. Choose one answer.
a. DTD
b. DFD
c. Schema
d. ERP

Correct Marks for this submission: 1/1.

Question168
Marks: 1

In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates. Answer: True False

Correct Marks for this submission: 1/1.

Question169
Marks: 1

Security ____ are the areas of trust within which users can freely communicate. Choose one answer.
a. perimeters
b. domains
c. rectangles
d. layers

Correct Marks for this submission: 1/1.

Question170
Marks: 1

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. Choose one answer.
a. Trace and treat
b. Trap and trace
c. Treat and trap
d. Trace and clip

Correct Marks for this submission: 1/1.

Question171
Marks: 1

Hash algorithms are public functions that create a hash value by converting variable-length messages into a single fixed-length value. Answer: True False

Correct Marks for this submission: 1/1.

Question172
Marks: 1

Traces, formally known as ICMP Echo requests, are used by internal systems administrators to ensure that clients and servers can communicate. Answer: True False

Correct Marks for this submission: 1/1.

Question173
Marks: 1

A famous study entitled Protection Analysis: Final Report was published in ____. Choose one answer.
a. 1868
b. 1978
c. 1988
d. 1998

Correct Marks for this submission: 1/1.

Question174
Marks: 1

In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters. Choose one answer.
a. line-interactive
b. ferroresonant
c. true online
d. offline

Correct Marks for this submission: 1/1.

Question175
Marks: 1

A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment. Choose one answer.
a. IP
b. FCO
c. CTO
d. HTTP

Correct Marks for this submission: 1/1.

Question176
Marks: 1

Information security should be visible to the users. Answer: True False

Correct Marks for this submission: 1/1.

Question177
Marks: 1

SHA-1 produces a(n) _____-bit message digest, which can then be used as an input to a digital signature algorithm. Choose one answer.
a. 48
b. 56
c. 160
d. 256

Correct Marks for this submission: 1/1.

Question178
Marks: 1

In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. Choose one answer.
a. confidential
b. secret
c. top secret
d. sensitive

Correct Marks for this submission: 1/1.

Question179
Marks: 1

A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress. Answer: True False

Correct Marks for this submission: 1/1.

Question180
Marks: 1

Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Answer: True False

Correct Marks for this submission: 1/1.

Question181
Marks: 1

Every state has implemented uniform laws and regulations placed on organizational use of computer technology. Answer: True False

Correct Marks for this submission: 1/1.

Question182
Marks: 1

According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents. Choose one answer.
a. infoterrorism
b. cyberterrorism
c. hacking
d. cracking

Correct Marks for this submission: 1/1.

Question183
Marks: 1

Redundancy can be implemented at a number of points throughout the security architecture, such as in ____. Choose one answer.
a. firewalls
b. proxy servers
c. access controls
d. All of the above

Correct Marks for this submission: 1/1.

Question184
Marks: 1

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. Answer: True False

Correct Marks for this submission: 1/1.

Question185
Marks: 1

A variation of the dry-pipe system is the pre-action system, which has a two-phase response to a fire. Answer: True False

Correct Marks for this submission: 1/1.

Question186
Marks: 1

One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment. Choose one answer.
a. baseline
b. difference analysis
c. differential
d. revision

Correct Marks for this submission: 1/1.
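Two of the items above fit together: hash algorithms turn variable-length input into a fixed-length digest (160 bits for SHA-1, 256 for SHA-256), and difference analysis compares the current state of the environment against a recorded baseline. Storing one digest per file is the usual way to build that baseline. The block below is an added example, not code from the quiz or its textbook; the file paths and contents are constructed stand-ins for a host's configuration, and the baseline is held in memory rather than on protected storage.

```python
"""Fixed-length digests as the change detector behind difference analysis (added example)."""
import hashlib
from typing import Dict, List


def digest(data: bytes, algo: str = "sha256") -> str:
    """Hash of arbitrary-length input; the output length depends only on the algorithm."""
    return hashlib.new(algo, data).hexdigest()


def digest_bits(algo: str) -> int:
    """Size of the message digest the algorithm produces, in bits."""
    return hashlib.new(algo).digest_size * 8


def baseline(snapshot: Dict[str, bytes], algo: str = "sha256") -> Dict[str, str]:
    """Record one digest per path; only the digests need to be kept, not the content."""
    return {path: digest(content, algo) for path, content in snapshot.items()}


def difference_analysis(base: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a freshly computed digest table against the recorded baseline."""
    return {
        "added": sorted(set(current) - set(base)),
        "removed": sorted(set(base) - set(current)),
        "modified": sorted(p for p in set(base) & set(current) if base[p] != current[p]),
    }


# Constructed file contents standing in for a host's configuration (not real data).
BASELINE_SNAPSHOT = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/cron.d/backup": b"0 2 * * * root /usr/local/bin/backup.sh\n",
}
CURRENT_SNAPSHOT = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",   # one line changed
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/cron.d/backup": b"0 2 * * * root /usr/local/bin/backup.sh\n",
    "/etc/cron.d/persist": b"* * * * * root /tmp/.x\n",                           # new file
}


def run_example(algo: str = "sha256") -> Dict[str, List[str]]:
    """Baseline the first snapshot, rehash the second, and report what differs."""
    return difference_analysis(baseline(BASELINE_SNAPSHOT, algo), baseline(CURRENT_SNAPSHOT, algo))


if __name__ == "__main__":
    for algo in ("sha1", "sha256"):
        print(algo, digest_bits(algo), "bits; digest of empty input:", digest(b"", algo))
    print(run_example())
```

Two practical caveats: the baseline has to live somewhere the monitored host cannot rewrite, or an intruder simply re-baselines after making changes; and although SHA-1 still yields a 160-bit digest, practical collisions against it have been demonstrated, so new baselines should use SHA-256 or stronger, as the default above does.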

Question187
Marks: 1

A(n) ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan. Choose one answer.
a. RFP
b. WBS
c. SDLC
d. CBA

Correct Marks for this submission: 1/1.

Question188
Marks: 1

A common form of mechanical locks are electric strike locks, which (usually) require people to announce themselves before being buzzed through a locked door. Answer: True False

Correct Marks for this submission: 1/1.

Question189
Marks: 1

ISA Server can use ____ technology. Choose one answer.
a. PNP
b. Point to Point Tunneling Protocol
c. RAS
d. All of the above

Correct Marks for this submission: 1/1.

Question190
Marks: 1

The concept of competitive ____ refers to falling behind the competition. Choose one answer.
a. disadvantage
b. drawback
c. failure
d. shortcoming

Correct Marks for this submission: 1/1.

Question191
Marks: 1

DES uses a 64-bit key. Answer: True False

Correct Marks for this submission: 1/1.

Question192
Marks: 1

A fully distributed IDPS control strategy is the opposite of the centralized strategy. Answer: True False

Correct Marks for this submission: 1/1.

Question193
Marks: 1

Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks. Answer: True False

Correct Marks for this submission: 1/1.

Question194
Marks: 1

In ____ mode, the data within an IP packet is encrypted, but the header information is not. Choose one answer.
a. tunnel
b. transport
c. public
d. symmetric

Correct Marks for this submission: 1/1.

Question195
Marks: 1

Static filtering is common in network routers and gateways. Answer: True False

Correct Marks for this submission: 1/1.
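A static packet filter of the kind found in routers and gateways decides on each packet by itself, from header fields and an ordered rule table, with no memory of earlier packets. The block below is an added example, not code from the quiz or its textbook; the internal address block, rule table and sample packets are constructed. It also shows the classic weakness of stateless filtering: to let internal browsers receive replies, the table has to permit inbound TCP from source port 80 to high ports, and an outside host that simply sets its source port to 80 rides through the same rule.

```python
"""Static (stateless) packet filtering with an ordered rule table (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")      # assumed internal address block
ANY_PORT = range(0, 65536)
EPHEMERAL = range(1024, 65536)


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    src_port: range
    dst: ipaddress.IPv4Network
    dst_port: range
    note: str


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    src_port: int
    dst: str
    dst_port: int


# Constructed rule table for packets arriving from the Internet; first match wins.
RULES = [
    Rule("deny", "any", INTERNAL, ANY_PORT, ANY_NET, ANY_PORT, "anti-spoofing: internal source address on the outside"),
    Rule("allow", "tcp", ANY_NET, ANY_PORT, ipaddress.ip_network("10.0.0.80/32"), range(80, 81), "public web server"),
    Rule("allow", "udp", ANY_NET, range(53, 54), INTERNAL, EPHEMERAL, "DNS replies to internal resolvers"),
    Rule("allow", "tcp", ANY_NET, range(80, 81), INTERNAL, EPHEMERAL, "return traffic for internal web clients (stateless)"),
]
DEFAULT = ("deny", "implicit deny: no rule matched")


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every field of the rule must cover the corresponding header field of the packet."""
    return (
        rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in rule.src
        and ipaddress.ip_address(pkt.dst) in rule.dst
        and pkt.src_port in rule.src_port
        and pkt.dst_port in rule.dst_port
    )


def filter_packet(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Evaluate rules top to bottom; the filter keeps no connection state between packets."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.note
    return DEFAULT


# Constructed traffic samples.
SAMPLES = {
    "web_request": Packet("tcp", "198.51.100.7", 40000, "10.0.0.80", 80),
    "ssh_to_web": Packet("tcp", "198.51.100.7", 40001, "10.0.0.80", 22),
    "spoofed_internal": Packet("tcp", "10.0.0.5", 40002, "10.0.0.80", 80),
    "dns_reply": Packet("udp", "192.0.2.53", 53, "10.0.0.53", 33000),
    "src_port_80_to_rdp": Packet("tcp", "203.0.113.9", 80, "10.0.0.25", 3389),   # abuses the return-traffic rule
}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, note = filter_packet(RULES, pkt)
        print(f"{name:22s} {action:5s} {note}")
```

The last sample is the reason stateful inspection replaced static filtering on most perimeters: a stateful firewall would admit a source-port-80 packet only if an internal client had opened that connection outward, whereas the static table has no way to tell the two cases apart.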

Question196
Marks: 1

Each organization has to determine its own project management methodology for IT and information security projects. Answer: True False

Correct Marks for this submission: 1/1.

Question197
Marks: 1

Policies are written instructions for accomplishing a specific task. Answer: True False

Correct Marks for this submission: 1/1.

Question198
Marks: 1

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Answer: True False

Correct Marks for this submission: 1/1.

Question199
Marks: 1

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ____. Choose one answer.
a. filtering
b. doorknob rattling
c. footprinting
d. fingerprinting

Correct Marks for this submission: 1/1.

Question200
Marks: 1

Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability. Answer: True False

Correct Marks for this submission: 1/1.
