Question 1 (Marks: 1)
Corrective action decisions are usually expressed in terms of trade-offs.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 2 (Marks: 1)
Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality’s ethical behavior violates the ethics of another national group.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 3 (Marks: 1)
Laws and policies and their associated penalties only deter if which of the following conditions is present?
Choose one answer.
a. Fear of penalty
b. Probability of being caught
c. Probability of penalty being administered
d. All of the above
Correct. Marks for this submission: 1/1.

Question 4 (Marks: 1)
Privacy is not absolute freedom from observation, but rather is a more precise “state of being free from unsanctioned intrusion.”
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 5 (Marks: 1)
____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
Choose one answer.
a. NIDPSs
b. HIDPSs
c. AppIDPSs
d. SIDPSs
Correct. Marks for this submission: 1/1.

Question 6 (Marks: 1)
The ____ layer of the bulls-eye model receives attention last.
Choose one answer.
a. Policies
b. Networks
c. Systems
d. Applications
Correct. Marks for this submission: 1/1.

Question 7 (Marks: 1)
Ethics define socially acceptable behaviors.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 8 (Marks: 1)
Enticement is the action of luring an individual into committing a crime to get a conviction.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 9 (Marks: 1)
System Administration, Networking, and Security Organization is better known as ____.
Choose one answer.
a. SANO
b. SAN
c. SANS
d. SANSO
Correct. Marks for this submission: 1/1.

Question 10 (Marks: 1)
Criminal or unethical ____ goes to the state of mind of the individual performing the act.
Choose one answer.
a. attitude
b. intent
c. accident
d. ignorance
Correct. Marks for this submission: 1/1.

Question 11 (Marks: 1)
A(n) capability table specifies which subjects and objects users or groups can access.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 12 (Marks: 1)
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 13 (Marks: 1)
A cybernetic loop ensures that progress is measured periodically.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 14 (Marks: 1)
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
Choose one answer.
a. Electronic Communications Privacy Act
b. Financial Services Modernization Act
c. Sarbanes-Oxley Act
d. Economic Espionage Act
Correct. Marks for this submission: 1/1.

Question 15 (Marks: 1)
A maintenance model such as the ISO model deals with methods to manage and operate systems.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 16 (Marks: 1)
Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?
Choose one answer.
a. Electronic Communications Privacy Act of 1986
b. Freedom of Information Act (FOIA)
c. Computer Fraud and Abuse Act
d. Federal Privacy Act of 1974
Correct. Marks for this submission: 1/1.

Question 17 (Marks: 1)
Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 18 (Marks: 1)
There are ____ common vulnerability assessment processes.
Choose one answer.
a. two
b. three
c. four
d. five
Correct. Marks for this submission: 1/1.

Question 19 (Marks: 1)
Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 20 (Marks: 1)
A padded cell is a hardened honeynet.
Answer: True / False
Correct. Marks for this submission: 1/1.
Question 21 (Marks: 1)
A computer is the ____ of an attack when it is used to conduct the attack.
Choose one answer.
a. subject
b. object
c. target
d. facilitator
Correct. Marks for this submission: 1/1.

Question 22 (Marks: 1)
Administrators provide the policies, guidelines and standards in the Schwartz, Erwin, Weafer, and Briney classification.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 23 (Marks: 1)
Carbon dioxide systems rob fire of its oxygen.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 24 (Marks: 1)
The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.
Choose one answer.
a. DES
b. RSA
c. MAC
d. AES
Correct. Marks for this submission: 1/1.

Question 25 (Marks: 1)
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 26 (Marks: 1)
____ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Choose one answer.
a. Temporary employees
b. Consultants
c. Contractors
d. Self-employees
Correct. Marks for this submission: 1/1.

Question 27 (Marks: 1)
____ are encrypted messages that can be mathematically proven to be authentic.
Choose one answer.
a. Digital signatures
b. MAC
c. Message certificates
d. Message digests
Correct. Marks for this submission: 1/1.

Question 28 (Marks: 1)
A(n) ____ IDPS is focused on protecting network information assets.
Choose one answer.
a. network-based
b. host-based
c. application-based
d. server-based
Correct. Marks for this submission: 1/1.

Question 29 (Marks: 1)
In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.
Choose one answer.
a. loop
b. direct
c. parallel
d. pilot
Correct. Marks for this submission: 1/1.

Question 30 (Marks: 1)
____ involves a wide variety of computing sites that are distant from the base organizational facility and includes all forms of telecommuting.
Choose one answer.
a. Remote site computing
b. Telecommuting
c. Remote working
d. Hot site computing
Correct. Marks for this submission: 1/1.

Question 31 (Marks: 1)
All of the existing certifications are fully understood by hiring organizations.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 32 (Marks: 1)
NIST documents can assist in the design of a security framework.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 33 (Marks: 1)
A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
Choose one answer.
a. denial-of-service
b. distributed denial-of-service
c. virus
d. spam
Correct. Marks for this submission: 1/1.

Question 34 (Marks: 1)
Which of the following phases is the longest and most expensive phase of the systems development life cycle?
Choose one answer.
a. investigation
b. logical design
c. implementation
d. maintenance and change
Correct. Marks for this submission: 1/1.

Question 35 (Marks: 1)
A breach of possession always results in a breach of confidentiality.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 36 (Marks: 1)
A(n) exposure factor is the expected percentage of loss that would occur from a particular attack.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 37 (Marks: 1)
An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.
Choose one answer.
a. software
b. hardware
c. data
d. All of the above
Correct. Marks for this submission: 1/1.

Question 38 (Marks: 1)
A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 39 (Marks: 1)
There are generally two skill levels among hackers: expert and ____.
Choose one answer.
a. novice
b. journeyman
c. packet monkey
d. professional
Correct. Marks for this submission: 1/1.

Question 40 (Marks: 1)
Address grants prohibit packets with certain addresses or partial addresses from passing through the device.
Answer: True / False
Correct. Marks for this submission: 1/1.
Question 41 (Marks: 1)
A buffer against outside attacks is frequently referred to as a(n) ____.
Choose one answer.
a. proxy server
b. no-man’s land
c. DMZ
d. firewall
Correct. Marks for this submission: 1/1.

Question 42 (Marks: 1)
Information security can be an absolute.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 43 (Marks: 1)
Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 44 (Marks: 1)
Guards can evaluate each situation as it arises and make reasoned responses.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 45 (Marks: 1)
CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 46 (Marks: 1)
ISACA stands for Information Systems Automation and Control Association.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 47 (Marks: 1)
Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs.
Choose one answer.
a. passive
b. active
c. reactive
d. dynamic
Correct. Marks for this submission: 1/1.

Question 48 (Marks: 1)
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
Choose one answer.
a. avoidance of risk
b. transference
c. mitigation
d. accept control
Correct. Marks for this submission: 1/1.

Question 49 (Marks: 1)
The ____ program focuses more on building trusted networks, including biometrics and PKI.
Choose one answer.
a. NFC
b. SCNP
c. PKI
d. SCNA
Correct. Marks for this submission: 1/1.

Question 50 (Marks: 1)
CERTs stands for computer emergency recovery teams.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 51 (Marks: 1)
A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
Choose one answer.
a. signature
b. MAC
c. fingerprint
d. digest
Correct. Marks for this submission: 1/1.

Question 52 (Marks: 1)
A VPN allows a user to use the Internet into a private network.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 53 (Marks: 1)
The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.
Choose one answer.
a. direct changeover
b. wrap-up
c. phased implementation
d. pilot implementation
Correct. Marks for this submission: 1/1.

Question 54 (Marks: 1)
Digital forensics helps the organization understand what happened and how.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 55 (Marks: 1)
Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
Choose one answer.
a. security
b. reliability
c. accessibility
d. availability
Correct. Marks for this submission: 1/1.

Question 56 (Marks: 1)
Builders operate and administrate the security tools and the security monitoring function and continuously improve the processes, performing all the day-to-day work.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 57 (Marks: 1)
Deterrence can prevent an illegal or unethical activity from occurring.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 58 (Marks: 1)
A service bureau is an agency that provides a service for a fee.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 59 (Marks: 1)
Each CISSP concentration exam consists of 25 to 50 questions.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 60 (Marks: 1)
Established in January 2001, the National InfraGard Program began as a cooperative effort between the FBI’s Cleveland Field Office and local technology professionals.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 61 (Marks: 1)
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.
Choose one answer.
a. UDPs
b. MACs
c. WANs
d. WAPs
Correct. Marks for this submission: 1/1.

Question 62 (Marks: 1)
A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
Answer: True / False
Correct. Marks for this submission: 1/1.
Question 63 (Marks: 1)
The primary mailing list, called simply ____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited, and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
Choose one answer.
a. Bug
b. Bugfix
c. Buglist
d. Bugtraq
Correct. Marks for this submission: 1/1.

Question 64 (Marks: 1)
First generation firewalls are application-level firewalls.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 65 (Marks: 1)
The ____ Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
Choose one answer.
a. Customer
b. Health Insurance
c. Computer
d. Telecommunications
Correct. Marks for this submission: 1/1.

Question 66 (Marks: 1)
UN-CERT is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 67 (Marks: 1)
Attackers may conduct an encrypted-plaintext attack by sending potential victims a specific text that they are sure the victims will forward on to others.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 68 (Marks: 1)
Most information security projects require a trained project CEO.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 69 (Marks: 1)
A(n) man-in-the-middle attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 70 (Marks: 1)
Cold detectors measure rates of change in the ambient temperature in the room.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 71 (Marks: 1)
The ____ mailing list includes announcements and discussion of an open-source IDPS.
Choose one answer.
a. Nmap-hackers
b. Packet Storm
c. Security Focus
d. Snort-sigs
Correct. Marks for this submission: 1/1.

Question 72 (Marks: 1)
In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time.
Choose one answer.
a. fixed temperature
b. permanent temperature
c. fixed rate
d. rate-of-rise
Correct. Marks for this submission: 1/1.

Question 73 (Marks: 1)
The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
Choose one answer.
a. defense
b. assessment
c. security
d. information
Correct. Marks for this submission: 1/1.

Question 74 (Marks: 1)
A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 75 (Marks: 1)
All liquid systems are designed to apply liquid, usually water, to all areas in which a fire has been detected.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 76 (Marks: 1)
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions.
Choose one answer.
a. multialphabetic
b. monoalphabetic
c. polyalphabetic
d. polynomic
Correct. Marks for this submission: 1/1.

Question 77 (Marks: 1)
The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
Choose one answer.
a. Bug/CERT
b. Bugtraq/CERT
c. CC/CERT
d. CERT/CC
Correct. Marks for this submission: 1/1.

Question 78 (Marks: 1)
What is the subject of the Sarbanes-Oxley Act?
Choose one answer.
a. Banking
b. Financial Reporting
c. Privacy
d. Trade secrets
Correct. Marks for this submission: 1/1.

Question 79 (Marks: 1)
Many information security professionals enter the field from traditional ____ assignments.
Choose one answer.
a. HR
b. BA
c. IT
d. All of the above
Correct. Marks for this submission: 1/1.

Question 80 (Marks: 1)
A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 81 (Marks: 1)
The SETA program is the responsibility of the ____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.
Choose one answer.
a. CIO
b. CISCO
c. CISO
d. end users
Correct. Marks for this submission: 1/1.
Question 82 (Marks: 1)
____ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
Choose one answer.
a. Hash
b. Map
c. Key
d. Encryption
Correct. Marks for this submission: 1/1.

Question 83 (Marks: 1)
Electronic monitoring includes ____ systems.
Choose one answer.
a. blocked video
b. local video
c. open-circuit television
d. closed-circuit television
Correct. Marks for this submission: 1/1.

Question 84 (Marks: 1)
A mail bomb is a form of DoS.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 85 (Marks: 1)
A certificate authority should actually be categorized as a software security component.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 86 (Marks: 1)
In many organizations, information security teams lack established roles and responsibilities.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 87 (Marks: 1)
A(n) distinguished name uniquely identifies a certificate entity, to a user’s public key.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 88 (Marks: 1)
Web hosting services are usually arranged with an agreement providing minimum service levels known as a(n) ____.
Choose one answer.
a. SSL
b. SLA
c. MSL
d. MIN
Correct. Marks for this submission: 1/1.

Question 89 (Marks: 1)
All systems that are mission critical should be enrolled in PSV measurement.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 90 (Marks: 1)
The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.
Choose one answer.
a. intermediate step
b. resource
c. milestone
d. deliverable
Correct. Marks for this submission: 1/1.

Question 91 (Marks: 1)
The most sophisticated locks are ____ locks.
Choose one answer.
a. manual
b. programmable
c. electronic
d. biometric
Correct. Marks for this submission: 1/1.

Question 92 (Marks: 1)
A(n) perimeter is a segment of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 93 (Marks: 1)
An alert ____ is a document containing contact information for the people to be notified in the event of an incident.
Choose one answer.
a. message
b. roster
c. plan
d. list
Correct. Marks for this submission: 1/1.

Question 94 (Marks: 1)
The ____ involves collecting information about an organization’s objectives, its technical architecture, and its information security environment.
Choose one answer.
a. SISC
b. SecSDLC
c. DLC
d. SIDLC
Correct. Marks for this submission: 1/1.

Question 95 (Marks: 1)
A(n) ____ is a statement of the boundaries of the RA.
Choose one answer.
a. scope
b. disclaimer
c. footer
d. head
Correct. Marks for this submission: 1/1.

Question 96 (Marks: 1)
A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 97 (Marks: 1)
GIAC stands for Global Information Architecture Certification.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 98 (Marks: 1)
A(n) ____ is “a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.”
Choose one answer.
a. SVPN
b. VPN
c. SESAME
d. KERBES
Correct. Marks for this submission: 1/1.

Question 99 (Marks: 1)
Firewalls fall into ____ major processing-mode categories.
Choose one answer.
a. two
b. three
c. four
d. five
Correct. Marks for this submission: 1/1.

Question 100 (Marks: 1)
The most successful kind of top-down approach involves a formal development strategy referred to as a ____.
Choose one answer.
a. systems design
b. development life project
c. systems development life cycle
d. systems schema
Correct. Marks for this submission: 1/1.

Question 101 (Marks: 1)
UPS devices typically run up to ____ VA.
Choose one answer.
a. 100
b. 250
c. 500
d. 1,000
Correct. Marks for this submission: 1/1.
Question 102 (Marks: 1)
Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) ____.
Choose one answer.
a. kneespace
b. attic
c. plenum
d. padding
Correct. Marks for this submission: 1/1.

Question 103 (Marks: 1)
Smoke detection systems are perhaps the most common means of detecting a potentially dangerous fire, and they are required by building codes in most residential dwellings and commercial buildings.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 104 (Marks: 1)
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
Choose one answer.
a. benefit
b. appetite
c. acceptance
d. avoidance
Correct. Marks for this submission: 1/1.

Question 105 (Marks: 1)
Which of the following is an example of a Trojan horse program?
Choose one answer.
a. Netsky
b. MyDoom
c. Klez
d. Happy99.exe
Correct. Marks for this submission: 1/1.

Question 106 (Marks: 1)
A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 107 (Marks: 1)
A study of information security positions, done by Schwartz, Erwin, Weafer, and Briney, found that positions can be classified into one of ____ areas.
Choose one answer.
a. two
b. three
c. four
d. five
Correct. Marks for this submission: 1/1.

Question 108 (Marks: 1)
DMZ is the primary way to secure an organization’s networks.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 109 (Marks: 1)
Program-specific policies address the specific implementations or applications of which users should be aware.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 110 (Marks: 1)
The military uses a ____-level classification scheme.
Choose one answer.
a. three
b. four
c. five
d. six
Correct. Marks for this submission: 1/1.

Question 111 (Marks: 1)
The Lewin change model consists of ____.
Choose one answer.
a. unfreezing
b. moving
c. refreezing
d. All of the above
Correct. Marks for this submission: 1/1.

Question 112 (Marks: 1)
A sniffer program shows all the data going by on a network segment including passwords, the data inside files—such as word-processing documents—and screens full of sensitive data from applications.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 113 (Marks: 1)
Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
Choose one answer.
a. assessment
b. evaluation
c. recovery
d. plan
Correct. Marks for this submission: 1/1.

Question 114 (Marks: 1)
Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 115 (Marks: 1)
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
Choose one answer.
a. security policy developers
b. security professionals
c. system administrators
d. end users
Correct. Marks for this submission: 1/1.

Question 116 (Marks: 1)
A HIDPS can monitor system logs for predefined events.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 117 (Marks: 1)
Technical controls are the tactical and technical implementations of security in the organization.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 118 (Marks: 1)
An effective information security governance program requires constant change.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 119 (Marks: 1)
Many corporations use a ____ to help secure the confidentiality and integrity of information.
Choose one answer.
a. system classification scheme
b. data restoration scheme
c. data hierarchy
d. data classification scheme
Correct. Marks for this submission: 1/1.

Question 120 (Marks: 1)
Intellectual property is defined as “the ownership of ideas and control over the tangible or virtual representation of those ideas.”
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 121 (Marks: 1)
A cold site provides many of the same services and options of a hot site.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 122 (Marks: 1)
ISO 27001 Information Security Handbook: A Guide for Managers provides managerial guidance for the establishment and implementation of an information security program.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 123 (Marks: 1)
The first phase of risk management is ____.
Choose one answer.
a. risk identification
b. design
c. risk control
d. risk evaluation
Correct. Marks for this submission: 1/1.

Question 124 (Marks: 1)
Telnet protocol packets usually go to TCP port ____.
Choose one answer.
a. 7
b. 8
c. 14
d. 23
Correct. Marks for this submission: 1/1.

Question 125 (Marks: 1)
The applicant for the CISM must provide evidence of ____ years of professional work experience in the field of information security, with a waiver or substitution of up to two years for education or previous certification.
Choose one answer.
a. five
b. eight
c. ten
d. twelve
Correct. Marks for this submission: 1/1.

Question 126 (Marks: 1)
Access control is achieved by means of a combination of policies, programs, and technologies.
Answer: True / False
Correct. Marks for this submission: 1/1.
Question 127 (Marks: 1)
A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 128 (Marks: 1)
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
Choose one answer.
a. Drones
b. Helpers
c. Zombies
d. Servants
Correct. Marks for this submission: 1/1.

Question 129 (Marks: 1)
Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____.
Choose one answer.
a. DMZ
b. SDLC
c. WBS
d. JAD
Correct. Marks for this submission: 1/1.

Question 130 (Marks: 1)
Privacy Enhanced Mail was proposed by the Internet Engineering Task Force and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 131 (Marks: 1)
Complete loss of power for a moment is known as a ____.
Choose one answer.
a. sag
b. fault
c. brownout
d. blackout
Correct. Marks for this submission: 1/1.

Question 132 (Marks: 1)
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
Choose one answer.
a. Violence
b. Fraud
c. Theft
d. Usage
Correct. Marks for this submission: 1/1.

Question 133 (Marks: 1)
The restrictions most commonly implemented in packet-filtering firewalls are based on ____.
Choose one answer.
a. IP source and destination address
b. Direction (inbound or outbound)
c. TCP or UDP source and destination port requests
d. All of the above
Correct. Marks for this submission: 1/1.

Question 134 (Marks: 1)
Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 135 (Marks: 1)
A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 136 (Marks: 1)
____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.
Choose one answer.
a. Crowdsurfing
b. Tailgating
c. Freeloading
d. Hitchhiking
Correct. Marks for this submission: 1/1.

Question 137 (Marks: 1)
Effective management includes planning and ____.
Choose one answer.
a. organizing
b. leading
c. controlling
d. All of the above
Correct. Marks for this submission: 1/1.

Question 138 (Marks: 1)
The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
Choose one answer.
a. Sarbanes-Oxley Act
b. Gramm-Leach-Bliley Act
c. U.S.A. Patriot Act
d. Security and Freedom through Encryption Act
Correct. Marks for this submission: 1/1.

Question 139 (Marks: 1)
A starting scanner is one that initiates traffic on the network in order to determine security holes.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 140 (Marks: 1)
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 141 (Marks: 1)
One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Choose one answer.
a. hacktivist
b. phvist
c. hackcyber
d. cyberhack
Correct. Marks for this submission: 1/1.

Question 142 (Marks: 1)
Every organization needs to develop an information security department or program of its own.
Answer: True / False
Incorrect. Marks for this submission: 0/1.

Question 143 (Marks: 1)
Direct attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.
Answer: True / False
Incorrect. Marks for this submission: 0/1.

Question 144 (Marks: 1)
The ____ position is typically considered the top information security officer in the organization.
Choose one answer.
a. CISO
b. CFO
c. CTO
d. CEO
Correct. Marks for this submission: 1/1.

Question 145 (Marks: 1)
CBAs cannot be calculated after controls have been functioning for a time.
Answer: True / False
Correct. Marks for this submission: 1/1.

Question 146 (Marks: 1)
Which of the following is a valid type of data ownership?
Choose one answer.
a. Data owners
b. Data custodians
c. Data users
d. All of the above
Correct. Marks for this submission: 1/1.

Question 147 (Marks: 1)
The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
Choose one answer.
a. Standard HTTP
b. SFTP
c. S-HTTP
d. SSL Record Protocol
Correct. Marks for this submission: 1/1.

Question 148 (Marks: 1)
The model used often by large organizations places the information security department within the ____ department.
Choose one answer.
a. management
b. information technology
c. financial
d. production
Correct. Marks for this submission: 1/1.

Question 149 (Marks: 1)
The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.
Choose one answer.
a. CRL
b. RA
c. MAC
d. AES
Incorrect. Marks for this submission: 0/1.

Question 150 (Marks: 1)
The application gateway is also known as a(n) ____.
Choose one answer.
a. application-level firewall
b. client firewall
c. proxy firewall
d. All of the above
Correct. Marks for this submission: 1/1.

Question 151 (Marks: 1)
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base.
Choose one answer.
a. fingernails
b. fingerprints
c. signatures
d. footprints
Correct. Marks for this submission: 1/1.

Question 152 (Marks: 1)
A(n) ____ is a proposed systems user.
Choose one answer.
a. authenticator
b. challenger
c. supplicant
d. activator
Incorrect. Marks for this submission: 0/1.

Question 153 (Marks: 1)
Which of the following ports is commonly used for the HTTP protocol?
Choose one answer.
a. 20
b. 25
c. 53
d. 80
Correct. Marks for this submission: 1/1.

Question 154 (Marks: 1)
The ____ model consists of six general phases.
Choose one answer.
a. pitfall
b. 5SA&D
c. waterfall
d. SysSP
Correct. Marks for this submission: 1/1.

Question 155 (Marks: 1)
Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message.
Answer: True / False
Correct. Marks for this submission: 1/1.
Question156Marks: 1
Civil law addresses activities and conduct harmful to society and is actively enforced by the state.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question157Marks: 1
Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question158Marks: 1
ALE determines whether or not a particular control alternative is worth its cost.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question159Marks: 1
____ are software programs that hide their true nature, and reveal their designed behavior only when activated.
Choose one answer.
a. Viruses
b. Worms
c. Spam
d. Trojan horses
CorrectMarks for this submission: 1/1.
Question160Marks: 1
A wet-pipe system is usually considered appropriate in computer rooms.
Answer:
True False
IncorrectMarks for this submission: 0/1.
Question161Marks: 1
The ____ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization.
Choose one answer.
a. ASP
b. ISP
c. SVP
d. PSV
CorrectMarks for this submission: 1/1.
Question162Marks: 1
HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question163Marks: 1
A(n) registration authority issues, manages, authenticates, signs, and revokes users’ digital certificates, which typically contain the user name, public key, and other identifying information.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question164Marks: 1
All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question165Marks: 1
Grounding ensures that the returning flow of current is properly discharged to the ground.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question166Marks: 1
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee’s actions.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question167Marks: 1
As an alternative view of the way data flows into the monitoring process, a(n) ____ approach may prove useful.
Choose one answer.
a. DTD
b. DFD
c. Schema
d. ERP
CorrectMarks for this submission: 1/1.
Question168Marks: 1
In most cases, organizations look for a technically qualified information security generalist who has a solid understanding of how an organization operates.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question169Marks: 1
Security ____ are the areas of trust within which users can freely communicate.
Choose one answer.
a. perimeters
b. domains
c. rectangles
d. layers
CorrectMarks for this submission: 1/1.
Question170Marks: 1
____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
Choose one answer.
a. Trace and treat
b. Trap and trace
c. Treat and trap
d. Trace and clip
CorrectMarks for this submission: 1/1.
Question171Marks: 1
Hash algorithms are public functions that create a hash value by converting variable-length messages into a single fixed-length value.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question172Marks: 1
Traces, formally known as ICMP Echo requests, are used by internal systems administrators to ensure that clients and servers can communicate.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question173Marks: 1
A famous study entitled “Protection Analysis: Final Report” was published in ____.
Choose one answer.
a. 1868
b. 1978
c. 1988
d. 1998
CorrectMarks for this submission: 1/1.
Question174Marks: 1
In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters.
Choose one answer.
a. line-interactive
b. ferroresonant
c. true online
d. offline
CorrectMarks for this submission: 1/1.
Question175Marks: 1
A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
Choose one answer.
a. IP
b. FCO
c. CTO
d. HTTP
CorrectMarks for this submission: 1/1.
Question176Marks: 1
Information security should be visible to the users.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question177Marks: 1
SHA-1 produces a(n) _____-bit message digest, which can then be used as an input to a digital signature algorithm.
Choose one answer.
a. 48
b. 56
c. 160
d. 256
CorrectMarks for this submission: 1/1.
Question178Marks: 1
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Choose one answer.
a. confidential
b. secret
c. top secret
d. sensitive
CorrectMarks for this submission: 1/1.
Question179Marks: 1
A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question180Marks: 1
Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question181Marks: 1
Every state has implemented uniform laws and regulations placed on organizational use of computer technology.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question182Marks: 1
According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.
Choose one answer.
a. infoterrorism
b. cyberterrorism
c. hacking
d. cracking
CorrectMarks for this submission: 1/1.
Question183Marks: 1
Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
Choose one answer.
a. firewalls
b. proxy servers
c. access controls
d. All of the above
CorrectMarks for this submission: 1/1.
Question184Marks: 1
An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question185Marks: 1
A variation of the dry-pipe system is the pre-action system, which has a two-phase response to a fire.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question186Marks: 1
One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment.
Choose one answer.
a. baseline
b. difference analysis
c. differential
d. revision
CorrectMarks for this submission: 1/1.
Question187Marks: 1
A(n) ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan.
Choose one answer.
a. RFP
b. WBS
c. SDLC
d. CBA
CorrectMarks for this submission: 1/1.
Question188Marks: 1
A common form of mechanical lock is the electric strike lock, which (usually) requires people to announce themselves before being “buzzed” through a locked door.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question189Marks: 1
ISA Server can use ____ technology.
Choose one answer.
a. PNP
b. Point to Point Tunneling Protocol
c. RAS
d. All of the above
CorrectMarks for this submission: 1/1.
Question190Marks: 1
The concept of competitive ____ refers to falling behind the competition.
Choose one answer.
a. disadvantage
b. drawback
c. failure
d. shortcoming
CorrectMarks for this submission: 1/1.
Question191Marks: 1
DES uses a 64-bit key.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question192Marks: 1
A fully distributed IDPS control strategy is the opposite of the centralized strategy.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question193Marks: 1
Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question194Marks: 1
In ____ mode, the data within an IP packet is encrypted, but the header information is not.
Choose one answer.
a. tunnel
b. transport
c. public
d. symmetric
CorrectMarks for this submission: 1/1.
Question195Marks: 1
Static filtering is common in network routers and gateways.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question196Marks: 1
Each organization has to determine its own project management methodology for IT and information security projects.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question197Marks: 1
Policies are written instructions for accomplishing a specific task.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question198Marks: 1
Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system.
Answer:
True False
CorrectMarks for this submission: 1/1.
Question199Marks: 1
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ____.
Choose one answer.
a. filtering
b. doorknob rattling
c. footprinting
d. fingerprinting
CorrectMarks for this submission: 1/1.
Question200Marks: 1
Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability.
Answer:
True False
CorrectMarks for this submission: 1/1.