You are on page 1of 37

Question 1

1 out of 1 points

In ____ mode, the data within an IP packet is encrypted, but the header information is not. Answer Selected Answer: 1. transport

Question 2
1 out of 1 points

The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission. Answer Selected Answer: 4. SSL Record Protocol

Question 3
1 out of 1 points

The CA periodically distributes a(n) ____ to all users that identies all revoked certicates. Answer Selected Answer: 3. CRL

Question 4
1 out of 1 points

____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown. Answer Selected Answer: 2. Work factor

Question 5

1 out of 1 points

A(n) ____ plan deals with the identication, classication, response, and recovery from an incident. Answer Selected Answer: 4. IR

Question 6
1 out of 1 points

____ is the action of luring an individual into committing a crime to get a conviction. Answer Selected Answer: 1. Entrapment

Question 7
1 out of 1 points

____ is the entire range of values that can possibly be used to construct an individual key. Answer Selected Answer: 3. Keyspace

Question 8
1 out of 1 points

The restrictions most commonly implemented in packet-ltering rewalls are based on ____. Answer Selected Answer: 3. All of the above

Question 9
1 out of 1 points

Bit stream methods commonly use algorithm functions like the exclusive OR operation (____). Answer Selected Answer: 2. XOR

Bit stream methods commonly use algorithm functions like the exclusive OR operation (____). Answer Selected Answer: 2. XOR

Question 10
1 out of 1 points

An X.509 v3 certicate binds a ____, which uniquely identies a certicate entity, to a users public key. Answer Selected Answer: 3. distinguished name

Question 11
1 out of 1 points

The rst phase in the development of the contingency planning process is the ____. Answer Selected Answer: 4. BIA

Question 12
1 out of 1 points

____ functions are mathematical algorithms that generate a message summary or digest to conrm the identity of a specic message and to conrm that there have not been any changes to the content. Answer Selected Answer: 3. Hash

Question 13
1 out of 1 points

The ____ is an intermediate area between a trusted network and an untrusted network. Answer Selected Answer: 3. DMZ

The ____ is an intermediate area between a trusted network and an untrusted network. Answer Selected Answer: 3. DMZ

Question 14
1 out of 1 points

____ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. Answer Selected Answer: 4. Key

Question 15
1 out of 1 points

____ inspection rewalls keep track of each network connection between internal and external systems. Answer Selected Answer: 3. Stateful

Question 16
1 out of 1 points

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____. Answer Selected Answer: 3. blueprint

Question 17
1 out of 1 points

RAID ____ drives can be hot swapped. Answer Selected Answer: 3. 5

RAID ____ drives can be hot swapped. Answer Selected Answer: 3. 5

Question 18
1 out of 1 points

____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter rewalls, often between the rewall and the Internet border router to limit incoming attacks that could overwhelm the rewall. Answer Selected Answer: 3. Inline

Question 19
0 out of 1 points

The stated purpose of ____ is to give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization. Answer Selected Answer: 1. BS7799 (Part 2)

Question 20
1 out of 1 points

____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding. Answer Selected Answer: 3. PGP

Question 21
1 out of 1 points

____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization. Answer Selected Answer: 1. Managerial

____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization. Answer Selected Answer: 1. Managerial

Question 22
1 out of 1 points

ICMP uses port ____ to request a response to a query and can be the rst indicator of a malicious attack. Answer Selected Answer: 2. 7

Question 23
1 out of 1 points

A ____ ltering rewall can react to an emergent event and update or create rules to deal with the event. Answer Selected Answer: 3. dynamic

Question 24
1 out of 1 points

The dominant architecture used to secure network access today is the ____ rewall. Answer Selected Answer: 3. screened subnet

Question 25
1 out of 1 points

An alert ____ is a document containing contact information for the people to be notied in the event of an incident. Answer Selected Answer: 4. roster

An alert ____ is a document containing contact information for the people to be notied in the event of an incident. Answer Selected Answer: 4. roster

Question 26
1 out of 1 points

Firewalls fall into ____ major processing-mode categories. Answer Selected Answer: 4. ve

Question 27
1 out of 1 points

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base. Answer Selected Answer: 1. signatures

Question 28
1 out of 1 points

Kerberos ____ provides tickets to clients who request services. Answer Selected Answer: 3. TGS

Question 29
1 out of 1 points

In a ____ attack, the attacker eavesdrops during the victims session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. Answer Selected Answer: 3. timing

In a ____ attack, the attacker eavesdrops during the victims session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information. Answer Selected Answer: 3. timing

Question 30
1 out of 1 points

IDPS researchers have used padded cell and honeypot systems since the late ____. Answer Selected Answer: 1. 1980s

Question 31
1 out of 1 points

In recent years, the broadband router devices that can function as packet-ltering rewalls have been enhanced to combine the features of ____. Answer Selected Answer: 4. WAPs

Question 32
1 out of 1 points

Which of the following is a valid version of TACACS? Answer Selected Answer: 1. All of the above

Question 33
1 out of 1 points

A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. Answer Selected Answer: 1. packet sniffer

A(n) ____ is a network tool that collects copies of packets from the network and analyzes them. Answer Selected Answer: 1. packet sniffer

Question 34
1 out of 1 points

Intrusion ____ activities nalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again. Answer Selected Answer: 4. correction

Question 35
1 out of 1 points

____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem. Answer Selected Answer: 4. Correlation

Question 36
1 out of 1 points

A(n) ____ IDPS is focused on protecting network information assets. Answer Selected Answer: 4. network-based

Question 37
1 out of 1 points

A(n) ____ is a proposed systems user. Answer Selected Answer: 1. supplicant

A(n) ____ is a proposed systems user. Answer Selected Answer: 1. supplicant

Question 38
1 out of 1 points

A ____ is a key-dependent, one-way hash function that allows only specic recipients (symmetric key holders) to access the message digest. Answer Selected Answer: 4. MAC

Question 39
1 out of 1 points

____ is the process of classifying IDPS alerts so that they can be more effectively managed. Answer Selected Answer: 1. Alarm ltering

Question 40
1 out of 1 points

In most common implementation models, the content lter has two components: ____. Answer Selected Answer: 2. rating and ltering

Question 41
1 out of 1 points

Telnet protocol packets usually go to TCP port ____. Answer Selected Answer: 1. 23

Question 42
1 out of 1 points

The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees. Answer Selected Answer: 4. CISO

Question 43
1 out of 1 points

ISA Server can use ____ technology. Answer Selected Answer: 4. Point to Point Tunneling Protocol

Question 44
1 out of 1 points

A buffer against outside attacks is frequently referred to as a(n) ____. Answer Selected Answer: 1. DMZ

Question 45
1 out of 1 points

Using ____, the system reviews the log les generated by servers, network devices, and even other IDPSs. Answer Selected Answer: 2. LFM

Question 46

1 out of 1 points

____-based IDPSs look at patterns of network trafc and attempt to detect unusual activity based on previous baselines. Answer Selected Answer: 2. Network

Question 47
1 out of 1 points

SHA-1 produces a(n) ____-bit message digest, which can then be used as an input to a digital signature algorithm. Answer Selected Answer: 2. 160

Question 48
1 out of 1 points

The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts. Answer Selected Answer: 4. EISP

Question 49
1 out of 1 points

____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol. Answer Selected Answer: 4. Fuzz

Question 50

1 out of 1 points

____ and TACACS are systems that authenticate the credentials of users who are trying to access an organizations network via a dial-up connection. Answer Selected Answer: 1. RADIUS

Question 51
1 out of 1 points

A(n) ____ is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. Answer Selected Answer: 3. VPN

Question 52
1 out of 1 points

____ ltering requires that the ltering rules governing how the rewall decides which packets are allowed and which are denied be developed and installed with the rewall. Answer Selected Answer: 3. Static

Question 53
1 out of 1 points

Which of the following ports is commonly used for the HTTP protocol? Answer Selected Answer: 1. 80

Question 54

1 out of 1 points

The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____. Answer Selected Answer: 3. IETF

Question 55
1 out of 1 points

____ controls address personnel security, physical security, and the protection of production inputs and outputs. Answer Selected Answer: 1. Operational

Question 56
1 out of 1 points

The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate. Answer Selected Answer: 4. CER

Question 57
1 out of 1 points

Effective management includes planning and ____. Answer Selected Answer: 3. All of the above

Question 58
1 out of 1 points

Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host. Answer Selected Answer: 3. sacricial

Question 59
1 out of 1 points

The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone. Answer Selected Answer: 3. demilitarized

Question 60
1 out of 1 points

Incident damage ____ is the rapid determination of the scope of the breach of the condentiality, integrity, and availability of information and information assets during or just following an incident. Answer Selected Answer: 1. assessment

Question 61
1 out of 1 points

The ____ protocol provides system-to-system authentication and data integrity verication, but does not provide secrecy for the content of a network communication. Answer Selected Answer: 4. AH

Question 62
1 out of 1 points

____ is the protocol used to secure communications across any IP-based network such as LANs, WANs, and the Internet. Answer Selected Answer: 2. IPSec

Question 63
1 out of 1 points

____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user. Answer Selected Answer: 3. Biometric access control

Question 64
1 out of 1 points

Security ____ are the areas of trust within which users can freely communicate. Answer Selected Answer: 1. domains

Question 65
1 out of 1 points

More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions. Answer Selected Answer: 1. polyalphabetic

Question 66
1 out of 1 points

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. Answer Selected Answer: 1. Trap and trace

____ applications use a combination of techniques to detect an intrusion and then trace it back to its source. Answer Selected Answer: 1. Trap and trace

Question 67
1 out of 1 points

A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm. Answer Selected Answer: 2. IDS

Question 68
1 out of 1 points

Strategic planning is the process of moving the organization towards its ____. Answer Selected Answer: 2. vision

Question 69
1 out of 1 points

In SESAME, the user is rst authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____. Answer Selected Answer: 1. PAC

Question 70
1 out of 1 points

The ____ algorithm was the rst public key encryption algorithm developed (in 1977) and published for commercial use. Answer Selected Answer: 2. RSA

The ____ algorithm was the rst public key encryption algorithm developed (in 1977) and published for commercial use. Answer Selected Answer: 2. RSA

Question 71
1 out of 1 points

____ generates and issues session keys in Kerberos. Answer Selected Answer: 2. KDC

Question 72
1 out of 1 points

____ benchmark and monitor the status of key system les and detect when an intruder creates, modies, or deletes monitored les. Answer Selected Answer: 2. HIDPSs

Question 73
1 out of 1 points

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____. Answer Selected Answer: 1. ngerprinting

Question 74
1 out of 1 points

In TCP/IP networking, port ____ is not used. Answer Selected Answer: 4. 0

In TCP/IP networking, port ____ is not used. Answer Selected Answer: 4. 0

Question 75
1 out of 1 points

____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and le storage applications. Answer Selected Answer: 3. PGP

Question 76
1 out of 1 points

____ are decoy systems designed to lure potential attackers away from critical systems. Answer Selected Answer: 4. Honeypots

Question 77
1 out of 1 points

A ____ site provides only rudimentary services and facilities. Answer Selected Answer: 1. cold

Question 78
1 out of 1 points

Among all possible biometrics, ____ is(are) considered truly unique. Answer Selected Answer: 3. All of the above

Among all possible biometrics, ____ is(are) considered truly unique. Answer Selected Answer: 3. All of the above

Question 79
1 out of 1 points

Digital signatures should be created using processes and products that are based on the ____. Answer Selected Answer: 2. DSS

Question 80
1 out of 1 points

The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources. Answer Selected Answer: 4. security

Question 81
1 out of 1 points

A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption. Answer Selected Answer: 3. symmetric

Question 82
1 out of 1 points

Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. Answer Selected Answer: 1. passive

Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs. Answer Selected Answer: 1. passive

Question 83
1 out of 1 points

____ is a federal information processing standard that species a cryptographic algorithm used within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure. Answer Selected Answer: 3. AES

Question 84
1 out of 1 points

____ often function as standards or procedures to be used when conguring or maintaining systems. Answer Selected Answer: 4. SysSPs

Question 85
1 out of 1 points

____ rewalls examine every incoming packet header and can selectively lter packets based on header information such as destination address, source address, packet type, and other key information. Answer Selected Answer: 3. Packet-ltering

Question 86
1 out of 1 points

Standards may be published, scrutinized, and ratied by a group, as in formal or ____ standards. Answer Selected Answer: 1. de jure

Standards may be published, scrutinized, and ratied by a group, as in formal or ____ standards. Answer Selected Answer: 1. de jure

Question 87
1 out of 1 points

____ is an event that triggers an alarm when no actual attack is in progress. Answer Selected Answer: 1. False Attack Stimulus

Question 88
1 out of 1 points

____ are encrypted messages that can be mathematically proven to be authentic. Answer Selected Answer: 3. Digital signatures

Question 89
1 out of 1 points

____ is the protocol for handling TCP trafc through a proxy server. Answer Selected Answer: 3. SOCKS

Question 90
1 out of 1 points

What country adopted ISO/IEC 17799? Answer Selected Answer: 4. None of the above

Question 91
1 out of 1 points

____ rewalls are designed to operate at the media access control sublayer of the data link layer of the OSI network model. Answer Selected Answer: 1. MAC layer

Question 92
1 out of 1 points

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations. Answer Selected Answer: 1. NIDPSs

Question 93
1 out of 1 points

A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization. Answer Selected Answer: 4. framework

Question 94
1 out of 1 points

____ is the process of converting an original message into a form that is unreadable to unauthorized individuals. Answer Selected Answer: 4. Encryption

Question 95
1 out of 1 points

The application gateway is also known as a(n) ____. Answer Selected Answer: 2. application-level rewall

Question 96
0 out of 1 points

____ is a specially congured connection on a network device that is capable of viewing all of the trafc that moves through the entire device. Answer Selected Answer: 1. NIDPS

Question 97
1 out of 1 points

Redundancy can be implemented at a number of points throughout the security architecture, such as in ____. Answer Selected Answer: 2. All of the above

Question 98
1 out of 1 points

DES uses a(n) ____-bit block size. Answer Selected Answer: 2. 64

Question 99

1 out of 1 points

The transfer of large batches of data to an off-site facility is called ____. Answer Selected Answer: 1. electronic vaulting

Question 100
1 out of 1 points

____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. Answer Selected Answer: 4. PKI

Question 101
1 out of 1 points

To assist in the footprint intelligence collection process, you can use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses. Answer Selected Answer: 1. True

Question 102
1 out of 1 points

A HIDPS can monitor systems logs for predened events. Answer Selected Answer: 1. True

Question 103
0 out of 1 points

The asymmetric encryption systems use a single key to both encrypt and decrypt a message. Answer Selected Answer: 1. True

Question 104
1 out of 1 points

The encapsulating security payload protocol provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verication. Answer Selected Answer: 1. True

Question 105
1 out of 1 points

Failure to develop an information security system based on the organizations mission, vision, and culture guarantees the failure of the information security program. Answer Selected Answer: 2. True

Question 106
1 out of 1 points

The application rewall runs special software that acts as a proxy for a service request. Answer Selected Answer: 2. True

Question 107
1 out of 1 points

There are limits to the level of congurability and protection that software rewalls can provide. Answer Selected Answer: 1. True

There are limits to the level of congurability and protection that software rewalls can provide. Answer Selected Answer: 1. True

Question 108
0 out of 1 points

To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted. Answer Selected Answer: 1. True

Question 109
1 out of 1 points

A VPN allows a user to turn the Internet into a private network. Answer Selected Answer: 1. True

Question 110
0 out of 1 points

Intrusion detection and prevention systems can deal effectively with switched networks. Answer Selected Answer: 2. True

Question 111
1 out of 1 points

The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies. Answer Selected Answer: 2. True

The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies. Answer Selected Answer: 2. True

Question 112
1 out of 1 points

Dictionary attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext generated by the cryptosystem. Answer Selected Answer: 2. False

Question 113
1 out of 1 points

A starting scanner is one that initiates trafc on the network in order to determine security holes. Answer Selected Answer: 1. False

Question 114
1 out of 1 points

You can create a single comprehensive ISSP document covering all information security issues. Answer Selected Answer: 1. True

Question 115
1 out of 1 points

A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network. Answer Selected Answer: 2. False

A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network. Answer Selected Answer: 2. False

Question 116
1 out of 1 points

The ability to restrict a specic service is now considered standard in most routers and is invisible to the user. Answer Selected Answer: 1. True

Question 117
1 out of 1 points

Database shadowing only processes a duplicate in real-time data storage but does not duplicate the databases at the remote site. Answer Selected Answer: 1. False

Question 118
1 out of 1 points

A false positive is the failure of an IDPS system to react to an actual attack event. Answer Selected Answer: 2. False

Question 119
1 out of 1 points

In order to determine which IDPS best meets an organizations needs, rst consider the organizational environment in technical, physical, and political terms. Answer Selected Answer: 2. True

In order to determine which IDPS best meets an organizations needs, rst consider the organizational environment in technical, physical, and political terms. Answer Selected Answer: 2. True

Question 120
0 out of 1 points

Your organizations operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. Answer Selected Answer: 1. True

Question 121
1 out of 1 points

A content lter is technically a rewall. Answer Selected Answer: 1. False

Question 122
1 out of 1 points

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. Answer Selected Answer: 2. True

Question 123
1 out of 1 points

All IDPS vendors target users with the same levels of technical and security expertise. Answer Selected Answer: 2. False

All IDPS vendors target users with the same levels of technical and security expertise. Answer Selected Answer: 2. False

Question 124
1 out of 1 points

Nmap uses incrementing Time-To-Live packets to determine the path into a network as well as the default rewall policy. Answer Selected Answer: 1. False

Question 125
1 out of 1 points

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing. Answer Selected Answer: 2. False

Question 126
1 out of 1 points

Firewall Rule Set 1 states that responses to internal requests are not allowed. Answer Selected Answer: 1. False

Question 127
0 out of 1 points

It is important that e-mail trafc reach your e-mail server and only your e-mail server. Answer Selected Answer: 2. False

Question 128
1 out of 1 points

The Extended TACACS version uses dynamic passwords and incorporates two-factor authentication. Answer Selected Answer: 1. False

Question 129
1 out of 1 points

One method of protecting the residential user is to install a software rewall directly on the users system. Answer Selected Answer: 2. True

Question 130
1 out of 1 points

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and planned revision date. Answer Selected Answer: 1. True

Question 131
1 out of 1 points

Internet connections via dial-up and leased lines are becoming more popular. Answer Selected Answer: 2. False

Question 132
1 out of 1 points

HIDPSs are also known as system integrity veriers. Answer Selected Answer: 1. True

Question 133
1 out of 1 points

One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message. Answer Selected Answer: 2. True

Question 134
1 out of 1 points

NIDPSs can reliably ascertain if an attack was successful or not. Answer Selected Answer: 2. False

Question 135
1 out of 1 points

In DNS cache poisoning, valid packets exploit poorly congured DNS servers to inject false information to corrupt the servers answers to routine DNS queries from other systems on the network. Answer Selected Answer: 1. True

Question 136
1 out of 1 points

Secure Electronic Transactions was developed by MasterCard and VISA in 1997 to protect against electronic payment fraud. Answer Selected Answer: 2. True

Question 137
1 out of 1 points

Packet ltering rewalls scan network data packets looking for compliance with or violation of the rules of the rewalls database. Answer Selected Answer: 2. True

Question 138
1 out of 1 points

In 1917, Gilbert S.Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key. Answer Selected Answer: 1. True

Question 139
0 out of 1 points

The ISSP sets out the requirements that must be met by the information security blueprint or framework. Answer Selected Answer: 2. True

Question 140
0 out of 1 points

The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus. Answer Selected Answer: 1. True

Question 141
1 out of 1 points

Many industry observers claim that ISO/IEC 17799 is not as complete as other frameworks. Answer Selected Answer: 1. True

Question 142
1 out of 1 points

Information security safeguards provide two levels of control: managerial and remedial. Answer Selected Answer: 1. False

Question 143
1 out of 1 points

A sniffer cannot be used to eavesdrop on network trafc. Answer Selected Answer: 2. False

Question 144

1 out of 1 points

Circuit gateway rewalls usually look at data trafc owing between one network and another. Answer Selected Answer: 2. False

Question 145
1 out of 1 points

NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans. Answer Selected Answer: 1. True

Question 146
1 out of 1 points

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively. Answer Selected Answer: 1. True

Question 147
1 out of 1 points

IDPS responses can be classied as active or passive. Answer Selected Answer: 1. True

Question 148
1 out of 1 points

An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS. Answer Selected Answer: 1. True

Question 149
0 out of 1 points

Nonrepudiation means that customers or partners can be held accountable for transactions, such as online purchases, which they cannot later deny. Answer Selected Answer: 1. False

Question 150
1 out of 1 points

Each policy should contain procedures and a timetable for periodic review. Answer Selected Answer: 1. True