Question 1
1 out of 1 points
____ of information is the quality or state of being genuine or original.
Selected Answer: 1. Authenticity

Question 2
1 out of 1 points
The first phase of risk management is ____.
Selected Answer: 3. risk identification

Question 3
1 out of 1 points
Complete loss of power for a moment is known as a ____.
Selected Answer: 2. fault

Question 4
1 out of 1 points
During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.
Selected Answer: 4. physical design

Question 5
1 out of 1 points
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?
Selected Answer: 1. Financial Services Modernization Act

Question 6
1 out of 1 points
____ attempts to prevent trade secrets from being illegally shared.
Selected Answer: 2. Economic Espionage Act

Question 7
1 out of 1 points
There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.
Selected Answer: 3. dumpster diving

Question 8
1 out of 1 points
The ____ security policy is a planning document that outlines the process of implementing security in the organization.
Selected Answer: 4. program

Question 9
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
Selected Answer: 3. appetite

Question 10
1 out of 1 points
In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factors.
Selected Answer: 1. weighted factor analysis

Question 11
1 out of 1 points
The military uses a ____-level classification scheme.
Selected Answer: 4. five

Question 12
1 out of 1 points
____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.
Selected Answer: 3. PKI

Question 13
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____.
Selected Answer: 1. hoaxes

Question 14
1 out of 1 points
____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
Selected Answer: 1. DR

Question 15
1 out of 1 points
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
Selected Answer: 3. accept control

Question 16
0 out of 1 points
____ law comprises a wide variety of laws that govern a nation or state.
Selected Answer: 4. Criminal

Question 17
1 out of 1 points
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
Selected Answer: 2. Security and Freedom through Encryption Act

Question 18
1 out of 1 points
____ are software programs that hide their true nature, and reveal their designed behavior only when activated.
Selected Answer: 3. Trojan horses

Question 19
1 out of 1 points
A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
Selected Answer: 2. distributed denial-of-service

Question 20
1 out of 1 points
There are generally two skill levels among hackers: expert and ____.
Selected Answer: 1. novice

Question 21
1 out of 1 points
What is the subject of the Sarbanes-Oxley Act?
Selected Answer: 3. Financial Reporting

Question 22
1 out of 1 points
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.
Selected Answer: 1. IR

Question 23
1 out of 1 points
____ is simply how often you expect a specific type of attack to occur.
Selected Answer: 4. ARO

Question 24
1 out of 1 points
The ____ data file contains the hashed representation of the user's password.
Selected Answer: 2. SAM

Question 25
1 out of 1 points
"4-1-9" fraud is an example of a ____ attack.
Selected Answer: 2. social engineering

Question 26
1 out of 1 points
A computer is the ____ of an attack when it is used to conduct the attack.
Selected Answer: 1. subject

Question 27
1 out of 1 points
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.
Selected Answer: 4. CBA

Question 28
1 out of 1 points
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____.
Selected Answer: 1. by accident

Question 29
1 out of 1 points
Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Selected Answer: 3. trespass

Question 30
1 out of 1 points
Which of the following is a valid type of data ownership?
Selected Answer: 1. All of the above

Question 31
1 out of 1 points
____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
Selected Answer: 1. Physical

Question 32
1 out of 1 points
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
Selected Answer: 3. Electronic Communications Privacy Act

Question 33
1 out of 1 points
Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?
Selected Answer: 3. Singapore

Question 34
1 out of 1 points
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.
Selected Answer: 4. to harass

Question 35
1 out of 1 points
The concept of competitive ____ refers to falling behind the competition.
Selected Answer: 1. disadvantage

Question 36
1 out of 1 points
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Selected Answer: 2. transfer control

Question 37
1 out of 1 points
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
Selected Answer: 1. man-in-the-middle

Question 38
1 out of 1 points
What is the subject of the Computer Security Act?
Selected Answer: 2. Federal Agency Information Security

Question 39
1 out of 1 points
A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
Selected Answer: 4. FCO

Question 40
1 out of 1 points
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
Selected Answer: 3. Fraud

Question 41
1 out of 1 points
The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
Selected Answer: 2. Health Insurance

Question 42
1 out of 1 points
Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____.
Selected Answer: 3. SLA

Question 43
1 out of 1 points
____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
Selected Answer: 1. Operational

Question 44
1 out of 1 points
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.
Selected Answer: 1. standard of due care

Question 45
1 out of 1 points
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
Selected Answer: 3. Zombies

Question 46
1 out of 1 points
Many corporations use a ____ to help secure the confidentiality and integrity of information.
Selected Answer: 2. data classification scheme

Question 47
1 out of 1 points
Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?
Selected Answer: 3. Computer Fraud and Abuse Act

Question 48
1 out of 1 points
The ____ strategy attempts to prevent the exploitation of the vulnerability.
Selected Answer: 2. defend control

Question 49
1 out of 1 points
Which of the following functions does information security perform for an organization?
Selected Answer: 1. All of the above.

Question 50
1 out of 1 points
____ policies address the particular use of certain systems.
Selected Answer: 2. Systems-specific

Question 51
1 out of 1 points
The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.
Selected Answer: 4. TCP

Question 52
1 out of 1 points
Which of the following is an example of a Trojan horse program?
Selected Answer: 2. Happy99.exe

Question 53
1 out of 1 points
The ____ is a methodology for the design and implementation of an information system in an organization.
Selected Answer: 2. SDLC

Question 54
1 out of 1 points
____ equals likelihood of vulnerability occurrence times value (or impact), minus the percentage of risk already controlled, plus an element of uncertainty.
Selected Answer: 4. Risk
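The three risk-management blanks in this set (weighted factor analysis in Question 10, ARO in Question 23, and the risk formula in Question 54) are easier to see as arithmetic than as definitions. The Python below is an added worked example, not part of the quiz or its textbook: the factor names and weights, the asset scores, and the loss figures are constructed for illustration. It applies the "percentage controlled" and "uncertainty" terms to the likelihood × value product, which is the usual way the Question 54 formula is worked, and it adds the standard annualized loss expectancy relation (ALE = SLE × ARO), which the quiz itself does not state.

```python
"""Worked arithmetic for weighted factor analysis, ARO and the risk formula.
Added example; factor names, weights and figures are constructed."""
from typing import Dict, List, Tuple

# Weighted factor analysis: every asset receives a 0.0-1.0 score on each
# critical factor, and the factor weights sum to 100. These three factors
# and their weights are an assumption for the example.
CRITERION_WEIGHTS: Dict[str, int] = {
    "impact_on_revenue": 30,
    "impact_on_profitability": 40,
    "impact_on_public_image": 30,
}


def weighted_score(scores: Dict[str, float],
                   weights: Dict[str, int] = CRITERION_WEIGHTS) -> float:
    """Weighted score of one asset: sum over factors of score * weight."""
    if sum(weights.values()) != 100:
        raise ValueError("criterion weights must sum to 100")
    missing = set(weights) - set(scores)
    if missing:
        raise ValueError("asset lacks scores for %s" % sorted(missing))
    for name, score in scores.items():
        if not 0.0 <= score <= 1.0:
            raise ValueError("score for %s must lie in [0, 1]" % name)
    return sum(scores[name] * weight for name, weight in weights.items())


def rank_assets(assets: Dict[str, Dict[str, float]]) -> List[Tuple[str, float]]:
    """Order assets by weighted score, most critical first."""
    ranked = [(name, weighted_score(scores)) for name, scores in assets.items()]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


def aro(incidents_observed: int, years_observed: float) -> float:
    """Annualized rate of occurrence: expected incidents of one attack type per year."""
    if years_observed <= 0:
        raise ValueError("observation window must be positive")
    return incidents_observed / years_observed


def annualized_loss_expectancy(single_loss_expectancy: float, rate: float) -> float:
    """ALE = SLE * ARO (standard relation, not stated in the quiz)."""
    return single_loss_expectancy * rate


def risk_rating(likelihood: float, value: float,
                pct_controlled: float, pct_uncertainty: float) -> float:
    """Risk = likelihood * value, minus the share already controlled, plus an
    uncertainty allowance. Both percentages (given as 0.0-1.0) are taken of
    the likelihood * value product."""
    for label, x in (("likelihood", likelihood),
                     ("pct_controlled", pct_controlled),
                     ("pct_uncertainty", pct_uncertainty)):
        if not 0.0 <= x <= 1.0:
            raise ValueError("%s must lie in [0, 1]" % label)
    base = likelihood * value
    return base - base * pct_controlled + base * pct_uncertainty


if __name__ == "__main__":
    # Constructed sample inputs.
    assets = {
        "customer_db": {"impact_on_revenue": 0.8, "impact_on_profitability": 0.9,
                        "impact_on_public_image": 0.5},
        "edi_gateway": {"impact_on_revenue": 1.0, "impact_on_profitability": 0.6,
                        "impact_on_public_image": 0.3},
        "intranet_wiki": {"impact_on_revenue": 0.1, "impact_on_profitability": 0.2,
                          "impact_on_public_image": 0.4},
    }
    for name, score in rank_assets(assets):
        print("%-14s %5.1f" % (name, score))
    rate = aro(3, 2.0)   # 3 incidents seen in 2 years -> 1.5 per year
    print("ARO = %.2f, ALE = %.0f" % (rate, annualized_loss_expectancy(10000.0, rate)))
    # Asset valued 100, vulnerability likelihood 0.5, 50% controlled, 20% uncertainty
    print("risk = %.1f" % risk_rating(0.5, 100.0, 0.5, 0.2))
```

The weighted-score ranking is what tells you which assets to assess first; the risk rating is then computed per asset-vulnerability pair, and the uncertainty term is the reason two assets with the same controls can still rank differently when one has been studied less.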

Question 55
1 out of 1 points
The most successful kind of top-down approach involves a formal development strategy referred to as a ____.
Selected Answer: 2. systems development life cycle

Question 56
1 out of 1 points
____ defines stiffer penalties for prosecution of terrorist crimes.
Selected Answer: 3. USA Patriot Act

Question 57
1 out of 1 points
Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs.
Selected Answer: 2. Incident response

Question 58
1 out of 1 points
____ was the first operating system to integrate security into its core functions.
Selected Answer: 3. MULTICS

Question 59
1 out of 1 points
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes.
Selected Answer: 2. marketing

Question 60
1 out of 1 points
____ is any technology that aids in gathering information about a person or organization without their knowledge.
Selected Answer: 2. Spyware

Question 61
1 out of 1 points
The National Information Infrastructure Protection Act of 1996 modified which Act?
Selected Answer: 2. Computer Fraud and Abuse Act

Question 62
1 out of 1 points
An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.
Selected Answer: 3. All of the above

Question 63
1 out of 1 points
____ addresses are sometimes called electronic serial numbers or hardware addresses.
Selected Answer: 1. MAC

Question 64
1 out of 1 points
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
Selected Answer: 1. system administrators

Question 65
1 out of 1 points
Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
Selected Answer: 4. security

Question 66
1 out of 1 points
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Selected Answer: 4. confidential

Question 67
1 out of 1 points
One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Selected Answer: 3. hacktivist

Question 68
1 out of 1 points
Management of classified data includes its storage and ____.
Selected Answer: 2. All of the above

Question 69
1 out of 1 points
The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.
Selected Answer: 1. general

Question 70
1 out of 1 points
Laws and policies and their associated penalties only deter if which of the following conditions is present?
Selected Answer: 2. All of the above

Question 71
1 out of 1 points
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash.
Selected Answer: 3. 256

Question 72
1 out of 1 points
According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.
Selected Answer: 4. cyberterrorism

Question 73
1 out of 1 points
____ is the predecessor to the Internet.
Selected Answer: 4. ARPANET

Question 74
1 out of 1 points
____ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
Selected Answer: 2. Public

Question 75
1 out of 1 points
In a ____ attack, the attacker sends a large number of connection or information requests to a target.
Selected Answer: 1. denial-of-service

Question 76
1 out of 1 points
____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.
Selected Answer: 3. NSTISSI No. 4011

Question 77
1 out of 1 points
The Council of Europe adopted the Convention on Cybercrime in ____.
Selected Answer: 3. 2001

Question 78
1 out of 1 points
The ____ model consists of six general phases.
Selected Answer: 4. waterfall

Question 79
1 out of 1 points
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
Selected Answer: 4. CISO

Question 80
1 out of 1 points
Criminal or unethical ____ goes to the state of mind of the individual performing the act.
Selected Answer: 4. intent

Question 81
1 out of 1 points
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.
Selected Answer: 2. hash

Question 82
1 out of 1 points
Which of the following phases is the longest and most expensive phase of the systems development life cycle?
Selected Answer: 4. maintenance and change

Question 83
1 out of 1 points
A(n) ____ attack is a hacker using a personal computer to break into a system.
Selected Answer: 4. direct

Question 84
1 out of 1 points
A famous study entitled "Protection Analysis: Final Report" was published in ____.
Selected Answer: 3. 1978

Question 85
1 out of 1 points
Risk ____ is the application of controls to reduce the risks to an organization's data and information systems.
Selected Answer: 1. control

Question 86
Risk control is the application of controls to reduce the risks to an organization's data and information systems.
Selected Answer: 1. True

Question 87
1 out of 1 points
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
Selected Answer: 2. True

Question 88
0 out of 1 points
Once the organizational threats have been identified, an assets identification process is undertaken.
Selected Answer: 2. True

Question 89
1 out of 1 points
Due care requires that an organization make a valid effort to protect others and continually maintain this level of effort.
Selected Answer: 2. False

Question 90
Eliminating a threat is an impossible proposition.
Selected Answer: 1. True

Question 91
1 out of 1 points
Identifying human resources, documentation, and data information assets of an organization is less difficult than identifying hardware and software assets.
Selected Answer: 2. False

Question 92
1 out of 1 points
Network security focuses on the protection of the details of a particular operation or series of activities.
Selected Answer: 2. False

Question 93
0 out of 1 points
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
Selected Answer: 1. True

Question 94
The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, the resources.
Selected Answer: 1. False

Question 95
1 out of 1 points
The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.
Selected Answer: 1. True

Question 96
0 out of 1 points
One problem with benchmarking is that there are many organizations that are identical.
Selected Answer: 1. True

Question 97
1 out of 1 points
A worm requires that another program is running before it can begin functioning.
Selected Answer: 1. False

Question 98
0 out of 1 points
Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems.
Selected Answer: 1. False

Question 99
0 out of 1 points
Thirty-four countries have ratified the European Council Cyber-Crime Convention as of April 2010.
Selected Answer: 2. True

Question 100
1 out of 1 points
The value of information comes from the characteristics it possesses.
Selected Answer: 1. True

Question 101
1 out of 1 points
Information security safeguards the technology assets in use at the organization.
Selected Answer: 1. True

Question 102
1 out of 1 points
A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
Selected Answer: 2. True

Question 103
1 out of 1 points
Information security can be an absolute.
Selected Answer: 2. False

Question 104
1 out of 1 points
Best business practices are often called recommended practices.
Selected Answer: 1. True

Question 105
1 out of 1 points
When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.
Selected Answer: 2. True

Question 106
1 out of 1 points
"If you realize you do not know the enemy, you will gain an advantage in every battle." (Sun Tzu)
Selected Answer: 2. False

Question 107
1 out of 1 points
The roles of information security professionals are aligned with the goals and mission of the information security community of interest.
Selected Answer: 2. True

Question 108
0 out of 1 points
Information security managers and technicians are the creators of information.
Selected Answer: 2. True

Question 109
1 out of 1 points
Studies have reported that the Pacific Rim countries of Singapore and Hong Kong are hotbeds of software piracy.
Selected Answer: 1. True

Question 110
1 out of 1 points
An e-mail virus involves sending an e-mail message with a modified field.
Selected Answer: 2. False

Question 111
1 out of 1 points
You should adopt naming standards that do not convey information to potential system attackers.
Selected Answer: 2. True

Question 112
1 out of 1 points
A champion is a project manager, who may be a departmental line manager or staff unit manager, and understands project management, personnel management, and information security technical requirements.
Selected Answer: 1. False

Question 113
0 out of 1 points
DHS is made up of three directorates.
Selected Answer: 2. True

Question 114
1 out of 1 points
The bottom-up approach to information security has a higher probability of success than the top-down approach.
Selected Answer: 1. False

Question 115
0 out of 1 points
The NSA is responsible for signal intelligence and information system security.
Selected Answer: 1. False

Question 116
1 out of 1 points
DoS attacks cannot be launched against routers.
Selected Answer: 2. False

Question 117
1 out of 1 points
A firewall is a mechanism that keeps certain kinds of network traffic out of a private network.
Selected Answer: 2. True

Question 118
1 out of 1 points
The difference between a policy and a law is that ignorance of a law is an acceptable defense.
Selected Answer: 1. False

Question 119
1 out of 1 points
Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.
Selected Answer: 1. False

Question 120
0 out of 1 points
Protocols are activities performed within the organization to improve security.
Selected Answer: 2. True

Question 121
1 out of 1 points
Some argue that it is virtually impossible to determine the true value of information and information-bearing assets.
Selected Answer: 1. True

Question 122
1 out of 1 points
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.
Selected Answer: 2. False

Question 123
1 out of 1 points
Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they usually occur with very little warning and are beyond the control of people.
Selected Answer: 1. True

Question 124
1 out of 1 points
Using a methodology increases the probability of success.
Selected Answer: 1. True

Question 125
1 out of 1 points
Leaving unattended computers on is one of the top information security mistakes made by individuals.
Selected Answer: 2. True

Question 126
1 out of 1 points
There are four general causes of unethical and illegal behavior.
Selected Answer: 2. False

Question 127
1 out of 1 points
When a computer is the subject of an attack, it is the entity being attacked.
Selected Answer: 2. False

Question 128
1 out of 1 points
The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.
Selected Answer: 2. False

Question 129
0 out of 1 points
Know yourself means identifying, examining, and understanding the threats facing the organization.
Selected Answer: 2. True

Question 130
1 out of 1 points
When electronic information is stolen, the crime is readily apparent.
Selected Answer: 1. False

Question 131
1 out of 1 points
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.
Selected Answer: 1. True

Question 132
1 out of 1 points
Cultural differences can make it easy to determine what is and is not ethical, especially when it comes to the use of computers.
Selected Answer: 2. False

Question 133
0 out of 1 points
Every organization should have the collective will and budget to manage every threat by applying controls.
Selected Answer: 2. True

Question 134
1 out of 1 points
A certificate authority should actually be categorized as a software security component.
Selected Answer: 1. True

Question 135
The Information Systems Security Association (ISSA) is a nonprofit society of information security professionals whose primary mission is to bring together qualified information security practitioners for information exchange and educational development.
Selected Answer: 1. True

Question 136
0 out of 1 points
The amount of money spent to protect an asset is based in part on the value of the asset.
Selected Answer: 2. False

Question 137
1 out of 1 points
Comprehensive means that an information asset should fit in only one category.
Selected Answer: 1. False

Question 138
1 out of 1 points
A sniffer program shows all the data going by on a network segment, including passwords, the data inside files (such as word-processing documents), and screens full of sensitive data from applications.
Selected Answer: 2. True

Question 139
A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms.
Selected Answer: 2. True

Question 140
1 out of 1 points
Examples of exceptionally grave damage include armed hostilities against the United States or its allies and disruption of foreign relations vitally affecting the national security.
Selected Answer: 1. True

Question 141
1 out of 1 points
Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.
Selected Answer: 1. True

Question 142
0 out of 1 points
A breach of possession always results in a breach of confidentiality.
Selected Answer: 2. True

Question 143
An act of theft performed by a hacker falls into the category of "theft," but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of "forces of nature."
Selected Answer: 2. False

Question 144
1 out of 1 points
The Clipper Chip can be used to monitor or track private communications.
Selected Answer: 1. True

Question 145
1 out of 1 points
With the removal of copyright protection, software can be easily distributed and installed.
Selected Answer: 2. True

Question 146
0 out of 1 points
If every vulnerability identified in the organization is handled through mitigation, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.
Selected Answer: 2. True

Question 147
Organizations should communicate with system users throughout the development of the security program, letting them know that changes are coming.
Selected Answer: 2. True

Question 148
1 out of 1 points
Application systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction.
Selected Answer: 2. False

Question 149
1 out of 1 points
Organizations can use dictionaries to disallow passwords during the reset process and thus guard against easy-to-guess passwords.
Selected Answer: 1. True
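Question 149 says a dictionary can be used to reject weak passwords at reset time, and Questions 24 and 81 say that what the system keeps is a hash of the password rather than the password itself. The Python below is an added example, not part of the quiz: it screens a reset candidate against a word list and against the stored hashes of the user's previous passwords. The word list, the username and the password history are constructed; the normalization rules (lower-casing and reversing common letter-for-symbol substitutions so "P@ssw0rd" is caught as "password"), the minimum length and the PBKDF2 work factor are design choices of the example, not anything the quiz prescribes.

```python
"""Password-reset screening against a word list and a hashed history.
Added example; the word list, username and history are constructed."""
import hashlib
import hmac
import os
import re
from typing import List, Optional, Sequence, Tuple

MIN_LENGTH = 12
ITERATIONS = 600_000          # PBKDF2-HMAC-SHA256 work factor (example choice)

# Constructed word list; a deployment would load a large dictionary or a
# breached-password list from disk instead.
DICTIONARY = {"password", "welcome", "letmein", "qwerty", "summer", "company", "admin"}

# Reverse the usual letter-for-symbol substitutions before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

HistoryEntry = Tuple[bytes, bytes]   # (salt, PBKDF2 digest) kept per old password


def _normalize(pw: str) -> str:
    """Lower-case the candidate and undo leet substitutions."""
    return pw.lower().translate(LEET)


def dictionary_hits(pw: str, dictionary=DICTIONARY) -> List[str]:
    """Dictionary words the candidate equals, or (for words of 4+ letters)
    contains, after normalization. 'Welcome2024!' therefore hits 'welcome'."""
    whole = _normalize(pw)
    hits = [w for w in dictionary if w == whole or (len(w) >= 4 and w in whole)]
    return sorted(hits)


def hash_password(pw: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> HistoryEntry:
    """Return (salt, digest) for storage; the password itself is never kept."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return salt, digest


def in_history(pw: str, history: Sequence[HistoryEntry],
               iterations: int = ITERATIONS) -> bool:
    """True if the candidate re-hashes, under a stored salt, to a stored digest.
    compare_digest keeps the comparison constant-time."""
    for salt, digest in history:
        candidate = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def reset_check(new_pw: str, username: str, history: Sequence[HistoryEntry],
                iterations: int = ITERATIONS) -> List[str]:
    """Return the reasons to reject the candidate; an empty list means accept."""
    problems = []
    if len(new_pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if username and username.lower() in _normalize(new_pw):
        problems.append("contains the username")
    hits = dictionary_hits(new_pw)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    if in_history(new_pw, history, iterations):
        problems.append("matches a previous password")
    return problems


if __name__ == "__main__":
    # Constructed history for user "alice": one previous password, stored hashed.
    old = [hash_password("OldSecret!2019")]
    for candidate in ("P@ssw0rd123", "OldSecret!2019", "Tr0ub4dor&3-horse-battery"):
        verdict = reset_check(candidate, "alice", old)
        print("%-28s %s" % (candidate, verdict or "accepted"))
```

The history check never needs the old passwords in clear: each stored entry is a salt plus a digest, exactly what a credential store such as the SAM file of Question 24 holds, and the candidate is re-hashed under each stored salt to compare. The substring match on 4+ letter words is deliberately loose; tightening it to whole-token matches lets more weak passwords through.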

Question 150
1 out of 1 points
Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI's Cleveland Field Office and local technology professionals.
Selected Answer: 2. True