Question1
Marks: 1
Corrective action decisions are usually expressed in terms of trade-offs. Answer: True False
Question2
Marks: 1
Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group. Answer: True False
Question3
Marks: 1
Laws and policies and their associated penalties only deter if which of the following conditions is present? Choose one answer.
a. Fear of penalty
b. Probability of being caught
c. Probability of penalty being administered
d. All of the above
Question4
Marks: 1
Privacy is not absolute freedom from observation, but rather is a more precise state of being free from unsanctioned intrusion. Answer: True False
Question5
Marks: 1
____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. Choose one answer.
a. NIDPSs
Question6
Marks: 1
The ____ layer of the bulls-eye model receives attention last. Choose one answer.
a. Policies
Question7
Marks: 1
Question8
Marks: 1
Enticement is the action of luring an individual into committing a crime to get a conviction. Answer: True False
Question9
Marks: 1
System Administration, Networking, and Security Organization is better known as ____. Choose one answer.
a. SANO
Question10
Marks: 1
Criminal or unethical ____ goes to the state of mind of the individual performing the act. Choose one answer.
a. attitude
Question11
Marks: 1
A(n) capability table specifies which subjects and objects users or groups can access. Answer: True False
Question12
Marks: 1
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public. Answer: True False
Question13
Marks: 1
A cybernetic loop ensures that progress is measured periodically. Answer: True False
Question14
Marks: 1
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications? Choose one answer.
a. Electronic Communications Privacy Act
Question15
Marks: 1
A maintenance model such as the ISO model deals with methods to manage and operate systems. Answer: True False
Question16
Marks: 1
Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses? Choose one answer.
a. Electronic Communications Privacy Act of 1986
b. Freedom of Information Act (FOIA)
c. Computer Fraud and Abuse Act
d. Federal Privacy Act of 1974
Question17
Marks: 1
Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created. Answer: True False
Question18
Marks: 1
There are ____ common vulnerability assessment processes. Choose one answer.
a. two
Question19
Marks: 1
Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way. Answer: True False
Question20
Marks: 1
True
False
Question21
Marks: 1
A computer is the ____ of an attack when it is used to conduct the attack. Choose one answer.
a. subject
Question22
Marks: 1
Administrators provide the policies, guidelines and standards in the Schwartz, Erwin, Weafer, and Briney classification. Answer: True False
Question23
Marks: 1
Carbon dioxide systems rob fire of its oxygen. Answer: True False
Question24
Marks: 1
The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use. Choose one answer.
a. DES
Question25
Marks: 1
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Answer: True False
Question26
Marks: 1
____ are hired by the organization to serve in a temporary position or to supplement the existing workforce. Choose one answer.
a. Temporary employees
Question27
Marks: 1
____ are encrypted messages that can be mathematically proven to be authentic. Choose one answer.
a. Digital signatures
Question28
Marks: 1
A(n) ____ IDPS is focused on protecting network information assets. Choose one answer.
a. network-based
Question29
Marks: 1
In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization. Choose one answer.
a. loop
Question30
Marks: 1
____ involves a wide variety of computing sites that are distant from the base organizational facility and includes all forms of telecommuting. Choose one answer.
a. Remote site computing
Question31
Marks: 1
All of the existing certifications are fully understood by hiring organizations. Answer: True False
Question32
Marks: 1
Question33
Marks: 1
A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Choose one answer.
a. denial-of-service
Question34
Marks: 1
Which of the following phases is the longest and most expensive phase of the systems development life cycle? Choose one answer.
a. investigation
Question35
Marks: 1
Question36
Marks: 1
A(n) exposure factor is the expected percentage of loss that would occur from a particular attack. Answer: True False
Question37
Marks: 1
An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization. Choose one answer.
a. software
Question38
Marks: 1
A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. Answer: True False
Question39
Marks: 1
There are generally two skill levels among hackers: expert and ____. Choose one answer.
a. novice
Question40
Marks: 1
Address grants prohibit packets with certain addresses or partial addresses from passing through the device. Answer: True False
Question41
Marks: 1
A buffer against outside attacks is frequently referred to as a(n) ____. Choose one answer.
a. proxy server
d. firewall
Question42
Marks: 1
Question43
Marks: 1
Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator. Answer: True False
Question44
Marks: 1
Guards can evaluate each situation as it arises and make reasoned responses. Answer: True False
Question45
Marks: 1
CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. Answer: True False
Question46
Marks: 1
ISACA stands for Information Systems Automation and Control Association. Answer: True False
Question47
Marks: 1
Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. Choose one answer.
a. passive
Question48
Marks: 1
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation. Choose one answer.
a. avoidance of risk
b. transference
c. mitigation
d. accept control
Question49
Marks: 1
The ____ program focuses more on building trusted networks, including biometrics and PKI. Choose one answer.
a. NFC
Question50
Marks: 1
CERTs stands for computer emergency recovery teams. Answer: True False
Question51
Marks: 1
A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. Choose one answer.
a. signature
b. MAC
c. fingerprint
d. digest
Question52
Marks: 1
A VPN allows a user to use the Internet into a private network. Answer: True False
Question53
Marks: 1
The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future. Choose one answer.
a. direct changeover
Question54
Marks: 1
Digital forensics helps the organization understand what happened and how. Answer: True False
Question55
Marks: 1
Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product. Choose one answer.
a. security
Question56
Marks: 1
Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes, performing all the day-to-day work. Answer: True False
Question57
Marks: 1
Deterrence can prevent an illegal or unethical activity from occurring. Answer: True False
Question58
Marks: 1
True
False
Question59
Marks: 1
Question60
Marks: 1
Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI's Cleveland Field Office and local technology professionals. Answer: True False
Question61
Marks: 1
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____. Choose one answer.
a. UDPs
Question62
Marks: 1
A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected. Answer: True False
Question63
Marks: 1
The primary mailing list, called simply ____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists. Choose one answer.
a. Bug
Question64
Marks: 1
Question65
Marks: 1
The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange. Choose one answer.
a. Customer
Question66
Marks: 1
UN-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities. Answer: True False
Question67
Marks: 1
Attackers may conduct an encrypted-plaintext attack by sending potential victims a specific text that they are sure the victims will forward on to others. Answer: True False
Question68
Marks: 1
True
False
Question69
Marks: 1
A(n) man-in-the-middle attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key. Answer: True False
Question70
Marks: 1
Cold detectors measure rates of change in the ambient temperature in the room. Answer: True False
Question71
Marks: 1
The ____ mailing list includes announcements and discussion of an open-source IDPS. Choose one answer.
a. Nmap-hackers
Question72
Marks: 1
In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time. Choose one answer.
a. fixed temperature
Question73
Marks: 1
The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources. Choose one answer.
a. defense
Question74
Marks: 1
A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company. Answer: True False
Question75
Marks: 1
All liquid systems are designed to apply liquid, usually water, to all areas in which a fire has been detected. Answer: True False
Question76
Marks: 1
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions. Choose one answer.
a. multialphabetic
Question77
Marks: 1
The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Choose one answer.
a. Bug/CERT
b. Bugtraq/CERT
c. CC/CERT
d. CERT/CC
Question78
Marks: 1
Question79
Marks: 1
Many information security professionals enter the field from traditional ____ assignments. Choose one answer.
a. HR
Question80
Marks: 1
A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software.
Question81
Marks: 1
The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees. Choose one answer.
a. CIO
Question82
Marks: 1
____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content. Choose one answer.
a. Hash
Question83
Marks: 1
Question84
Marks: 1
Question85
Marks: 1
A certificate authority should actually be categorized as a software security component. Answer: True False
Question86
Marks: 1
In many organizations, information security teams lack established roles and responsibilities. Answer: True False
Question87
Marks: 1
A(n) distinguished name uniquely identifies a certificate entity, to a user's public key. Answer: True False
Question88
Marks: 1
Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____. Choose one answer.
a. SSL
Question89
Marks: 1
All systems that are mission critical should be enrolled in PSV measurement. Answer: True False
Question90
Marks: 1
The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete. Choose one answer.
a. intermediate step
Question91
Marks: 1
The most sophisticated locks are ____ locks. Choose one answer.
a. manual
Question92
Marks: 1
A(n) perimeter is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public. Answer: True False
Question93
Marks: 1
An alert ____ is a document containing contact information for the people to be notified in the event of an incident.
Question94
Marks: 1
The ____ involves collecting information about an organization's objectives, its technical architecture, and its information security environment. Choose one answer.
a. SISC
Question95
Marks: 1
A(n) ____ is a statement of the boundaries of the RA. Choose one answer.
a. scope
b. disclaimer
c. footer
d. head
Question96
Marks: 1
A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. Answer: True False
Question97
Marks: 1
GIAC stands for Global Information Architecture Certification. Answer: True False
Question98
Marks: 1
A(n) ____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. Choose one answer.
a. SVPN
Question99
Marks: 1
Firewalls fall into ____ major processing-mode categories. Choose one answer.
a. two
Question100
Marks: 1
The most successful kind of top-down approach involves a formal development strategy referred to as a ____. Choose one answer.
a. systems design
Question101
Marks: 1
Question102
Marks: 1
Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) ____. Choose one answer.
a. kneespace
Question103
Marks: 1
Smoke detection systems are perhaps the most common means of detecting a potentially dangerous fire, and they are required by building codes in most residential dwellings and commercial buildings. Answer: True False
Question104
Marks: 1
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility. Choose one answer.
a. benefit
Question105
Marks: 1
Which of the following is an example of a Trojan horse program? Choose one answer.
a. Netsky
Question106
Marks: 1
A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms. Answer: True False
Question107
Marks: 1
A study of information security positions, done by Schwartz, Erwin, Weafer, and Briney, found that positions can be classified into one of ____ areas.
Question108
Marks: 1
DMZ is the primary way to secure an organization's networks. Answer: True False
Question109
Marks: 1
Program-specific policies address the specific implementations or applications of which users should be aware. Answer: True False
Question110
Marks: 1
b. four
c. five
d. six
Question111
Marks: 1
Question112
Marks: 1
A sniffer program shows all the data going by on a network segment including passwords, the data inside files (such as word-processing documents), and screens full of sensitive data from applications. Answer: True False
Question113
Marks: 1
Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident. Choose one answer.
a. assessment
Question114
Marks: 1
Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet. Answer: True False
Question115
Marks: 1
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role. Choose one answer.
a. security policy developers
Question116
Marks: 1
True
False
Question117
Marks: 1
Technical controls are the tactical and technical implementations of security in the organization. Answer: True False
Question118
Marks: 1
An effective information security governance program requires constant change. Answer: True False
Question119
Marks: 1
Many corporations use a ____ to help secure the confidentiality and integrity of information. Choose one answer.
a. system classification scheme
Question120
Marks: 1
Intellectual property is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas. Answer: True False
Question121
Marks: 1
A cold site provides many of the same services and options of a hot site. Answer: True False
Question122
Marks: 1
ISO 27001 Information Security Handbook: A Guide for Managers provides managerial guidance for the establishment and implementation of an information security program. Answer: True False
Question123
Marks: 1
Question124
Marks: 1
Telnet protocol packets usually go to TCP port ____. Choose one answer.
a. 7
b. 8
c. 14
d. 23
Question125
Marks: 1
The applicant for the CISM must provide evidence of ____ years of professional work experience in the field of information security, with a waiver or substitution of up to two years for education or previous certification. Choose one answer.
a. five
Question126
Marks: 1
Access control is achieved by means of a combination of policies, programs, and technologies. Answer: True False
Question127
Marks: 1
A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations. Answer: True False
Question128
Marks: 1
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack. Choose one answer.
a. Drones
Question129
Marks: 1
Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____. Choose one answer.
a. DMZ
Question130
Marks: 1
Privacy Enhanced Mail was proposed by the Internet Engineering Task Force and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures. Answer: True False
Question131
Marks: 1
Complete loss of power for a moment is known as a ____. Choose one answer.
a. sag
Question132
Marks: 1
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. Choose one answer.
a. Violence
Question133
Marks: 1
The restrictions most commonly implemented in packet-filtering firewalls are based on ____. Choose one answer.
a. IP source and destination address
b. Direction (inbound or outbound)
c. TCP or UDP source and destination port requests
d. All of the above
Question134
Marks: 1
Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. Answer: True False
Question135
Marks: 1
A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
Question136
Marks: 1
____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter. Choose one answer.
a. Crowdsurfing
Question137
Marks: 1
Question138
Marks: 1
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention. Choose one answer.
a. Sarbanes-Oxley Act
b. Gramm-Leach-Bliley Act
c. U.S.A. Patriot Act
d. Security and Freedom through Encryption Act
Question139
Marks: 1
A starting scanner is one that initiates traffic on the network in order to determine security holes. Answer: True False
Question140
Marks: 1
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach. Answer: True False
Question141
Marks: 1
One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. Choose one answer.
a. hacktivist
Question142
Marks: 1
Every organization needs to develop an information security department or program of its own. Answer: True False
Question143
Marks: 1
Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. Answer: True False
Question144
Marks: 1
The ____ position is typically considered the top information security officer in the organization. Choose one answer.
a. CISO
b. CFO
c. CTO
d. CEO
Question145
Marks: 1
CBAs cannot be calculated after controls have been functioning for a time. Answer: True False
Question146
Marks: 1
Which of the following is a valid type of data ownership? Choose one answer.
a. Data owners
Question147
Marks: 1
The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission. Choose one answer.
a. Standard HTTP
Question148
Marks: 1
The model used often by large organizations places the information security department within the ____ department. Choose one answer.
a. management
Question149
Marks: 1
The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates. Choose one answer.
a. CRL
b. RA
c. MAC
d. AES
Question150
Marks: 1
The application gateway is also known as a(n) ____. Choose one answer.
a. application-level firewall
Question151
Marks: 1
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. Choose one answer.
a. fingernails
Question152
Marks: 1
Question153
Marks: 1
Which of the following ports is commonly used for the HTTP protocol? Choose one answer.
a. 20
b. 25
c. 53
d. 80
Question154
Marks: 1
The ____ model consists of six general phases. Choose one answer.
a. pitfall
Question155
Marks: 1
Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. Answer: True False
Question156
Marks: 1
Civil law addresses activities and conduct harmful to society and is actively enforced by the state. Answer: True False
Question157
Marks: 1
Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. Answer: True False
Question158
Marks: 1
ALE determines whether or not a particular control alternative is worth its cost. Answer: True False
Question159
Marks: 1
____ are software programs that hide their true nature, and reveal their designed behavior only when activated. Choose one answer.
a. Viruses
Question160
Marks: 1
A wet-pipe system is usually considered appropriate in computer rooms. Answer: True False
Question161
Marks: 1
The ____ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization. Choose one answer.
a. ASP
Question162
Marks: 1
HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information. Answer: True False
Question163
Marks: 1
A(n) registration authority issues, manages, authenticates, signs, and revokes users' digital certificates, which typically contain the user name, public key, and other identifying information. Answer: True False
Question164
Marks: 1
All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan. Answer: True False
Question165
Marks: 1
Grounding ensures that the returning flow of current is properly discharged to the ground. Answer: True False
Question166
Marks: 1
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employees' actions. Answer: True False
Question167
Marks: 1
As an alternative view of the way data flows into the monitoring process, a(n) ____ approach may prove useful. Choose one answer.
a. DTD
Question168
Marks: 1
In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates. Answer: True False
Question169
Marks: 1
Security ____ are the areas of trust within which users can freely communicate. Choose one answer.
a. perimeters
Question170
Marks: 1
____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. Choose one answer.
a. Trace and treat
Question171
Marks: 1
Hash algorithms are public functions that create a hash value by converting variable-length messages into a single fixed-length value. Answer: True False
Question172
Marks: 1
Traces, formally known as ICMP Echo requests, are used by internal systems administrators to ensure that clients and servers can communicate. Answer: True False
Question173
Marks: 1
A famous study entitled Protection Analysis: Final Report was published in ____. Choose one answer.
a. 1868
Question174
Marks: 1
In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters. Choose one answer.
a. line-interactive
Question175
Marks: 1
A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment. Choose one answer.
a. IP
Question176
Marks: 1
Question177
Marks: 1
SHA-1 produces a(n) _____-bit message digest, which can then be used as an input to a digital signature algorithm. Choose one answer.
a. 48
b. 56
c. 160
d. 256
Question178
Marks: 1
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. Choose one answer.
a. confidential
Question179
Marks: 1
A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress. Answer: True False
Question180
Marks: 1
Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Answer: True False
Question181
Marks: 1
Every state has implemented uniform laws and regulations placed on organizational use of computer technology. Answer: True False
Question182
Marks: 1
According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents. Choose one answer.
a. infoterrorism
Question183
Marks: 1
Redundancy can be implemented at a number of points throughout the security architecture, such as in ____. Choose one answer.
a. firewalls
Question184
Marks: 1
An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. Answer: True False
Question185
Marks: 1
A variation of the dry-pipe system is the pre-action system, which has a two-phase response to a fire. Answer: True False
Question186
Marks: 1
One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment. Choose one answer.
a. baseline
Question187
Marks: 1
A(n) ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan. Choose one answer.
a. RFP
Question188
Marks: 1
A common form of mechanical locks are electric strike locks, which (usually) require people to announce themselves before being buzzed through a locked door. Answer: True False
Question189
Marks: 1
Question190
Marks: 1
The concept of competitive ____ refers to falling behind the competition. Choose one answer.
a. disadvantage
Question191
Marks: 1
Question192
Marks: 1
A fully distributed IDPS control strategy is the opposite of the centralized strategy. Answer: True False
Question193
Marks: 1
Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks.
Question194
Marks: 1
In ____ mode, the data within an IP packet is encrypted, but the header information is not. Choose one answer.
a. tunnel
Question195
Marks: 1
Static filtering is common in network routers and gateways. Answer: True False
Question196
Marks: 1
Each organization has to determine its own project management methodology for IT and information security projects. Answer: True False
Question197
Marks: 1
Policies are written instructions for accomplishing a specific task. Answer: True False
Question198
Marks: 1
Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Answer: True False
Question199
Marks: 1
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ____. Choose one answer.
a. filtering
Question200
Marks: 1
Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability.