chapter 1-5

Date post: 16-Jul-2015
Upload: saanire
Description: principles of information security exam1 review

Transcript
Page 1: chapter 1-5

5/14/2018 chapter 1-5 - slidepdf.com

http://slidepdf.com/reader/full/chapter-1-5-55a757a8bc183 1/31

 

Review Test Submission: Assignment 1

Content

User stephen saan-ire

Course CIS280_01_SP12

Test Assignment 1

Started 1/18/12 7:52 PM

Submitted 1/18/12 8:42 PM

Status Completed

Score 100 out of 100 points

Time Elapsed 49 minutes out of 1 hour and 15 minutes.

Instructions

  Question 1

4 out of 4 points

____ presents a comprehensive information security model and has become a widely

accepted evaluation standard for the security of information systems.

Answer

Selected Answer: a.

NSTISSI No. 4011

  Question 2

4 out of 4 points

The ____ model consists of six general phases.

Answer

Selected Answer: c.

waterfall

  Question 3

4 out of 4 points

A(n) ____ attack is a hacker using a personal computer to break into a system.

Answer

Selected Answer: d.

direct

  Question 4

4 out of 4 points

Information security can be an absolute.

Answer


Selected Answer: False

  Question 5

4 out of 4 points

____ was the first operating system to integrate security as its core functions.

Answer

Selected Answer: b.

MULTICS

  Question 6

4 out of 4 points

The value of information comes from the characteristics it possesses.

Answer

Selected Answer: True

  Question 7

4 out of 4 points

____ is the predecessor to the Internet.

Answer

Selected Answer: c.

ARPANET

  Question 8

4 out of 4 points

A famous study entitled “Protection Analysis: Final Report” was published in ____.  

Answer

Selected Answer: b.

1978

  Question 9

4 out of 4 points

The most successful kind of top-down approach involves a formal development strategy

referred to as a ____.

Answer

Selected Answer: a.

systems development life cycle

  Question 10

4 out of 4 points

Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss.


____ dictates what steps are taken when an attack occurs.

Answer

Selected Answer: a.

Incident response

  Question 11

4 out of 4 points

In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.

Answer

Selected Answer: a.

hash

  Question 12

4 out of 4 points

____ of information is the quality or state of being genuine or original.

Answer

Selected Answer: d.

Authenticity

  Question 13

4 out of 4 points

Organizations are moving toward more ____-focused development approaches, seeking to

improve not only the functionality of the systems they have in place, but consumer

confidence in their product.

Answer

Selected Answer: b.

security

  Question 14

4 out of 4 points

____ security addresses the issues necessary to protect the tangible items, objects, or areas

of an organization from unauthorized access and misuse.

Answer

Selected Answer: b.

Physical

  Question 15

4 out of 4 points

The primary threats to security during the early years of computers were physical theft of equipment, espionage against the products of the systems, and sabotage.


Answer

Selected Answer: True

  Question 16

4 out of 4 points

The physical design is the blueprint for the desired solution.

Answer

Selected Answer: False

  Question 17

4 out of 4 points

An information system is the entire set of ____, people, procedures, and networks that

make possible the use of information resources in the organization.

Answer

Selected Answer: d.

All of the above

  Question 18

4 out of 4 points

People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.

Answer

Selected Answer: d.

system administrators

  Question 19

4 out of 4 points

During the ____ phase, specific technologies are selected to support the alternatives

identified and evaluated in the logical design.

Answer

Selected Answer: b.

physical design

  Question 20

4 out of 4 points

A computer is the ____ of an attack when it is used to conduct the attack.

Answer

Selected Answer: a.

subject

  Question 21


4 out of 4 points

Which of the following is a valid type of data ownership?

Answer

Selected Answer: d.

All of the above

  Question 22

4 out of 4 points

The ____ is a methodology for the design and implementation of an information system in

an organization.

Answer

Selected Answer: a.

SDLC

  Question 23

4 out of 4 points

The roles of information security professionals are aligned with the goals and mission of 

the information security community of interest.

Answer

Selected Answer: True

  Question 24

4 out of 4 points

Which of the following phases is the longest and most expensive phase of the systems development life cycle?

Answer

Selected Answer: d.

maintenance and change

  Question 25

4 out of 4 points

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

Answer

Selected Answer: b.

CISO

Wednesday, January 18, 2012 8:42:10 PM CST



Review Test Submission: Assignment 2

Content

User stephen saan-ire

Course CIS280_01_SP12

Test Assignment 2

Started 1/14/12 4:43 PM

Submitted 1/14/12 5:27 PM

Status Completed

Score 100 out of 100 points

Time Elapsed 44 minutes out of 1 hour and 15 minutes.

Instructions

Question 1

4 out of 4 points

 ____ is any technology that aids in gathering information about a person or organization without

their knowledge.

Answer

Selected Answer: a.

Spyware

Question 2

4 out of 4 points

Web hosting services are usually arranged with an agreement providing minimum service levels

known as a(n) ____.


Answer

Selected Answer: d.

SLA

Question 3

4 out of 4 points

Complete loss of power for a moment is known as a ____.

Answer

Selected Answer: d.

fault

Question 4

4 out of 4 points

According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against

information, computer systems, computer programs, and data which result in violence against

noncombatant targets by subnational groups or clandestine agents.

Answer

Selected Answer: b.

cyberterrorism

Question 5

4 out of 4 points

In a ____ attack, the attacker sends a large number of connection or information requests to a

target.

Answer

Selected Answer: a.

denial-of-service

Question 6

4 out of 4 points


In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network,

modifies them, and inserts them back into the network.

Answer

Selected Answer: a.

man-in-the-middle

Question 7

4 out of 4 points

Which of the following functions does information security perform for an organization?

Answer

Selected Answer: d.

All of the above

Question 8

4 out of 4 points

 ____ is an integrated system of software, encryption methodologies, and legal agreements that

can be used to support the entire information infrastructure of an organization.

Answer

Selected Answer: d.

PKI

Question 9

4 out of 4 points

 ____ are machines that are directed remotely (usually by a transmitted command) by the

attacker to participate in an attack.

Answer

Selected Answer: a.

Zombies

Question 10


4 out of 4 points

“4-1-9” fraud is an example of a ____ attack. 

Answer

Selected Answer: c.

social engineering

Question 11

4 out of 4 points

The ____ data file contains the hashed representation of the user’s password. 

Answer

Selected Answer: d.

SAM

Question 12

4 out of 4 points

Information security safeguards the technology assets in use at the organization.

Answer

Selected Answer: True

Question 13

4 out of 4 points

There are generally two skill levels among hackers: expert and ____.

Answer

Selected Answer: a.

Novice

Question 14

4 out of 4 points

A number of technical mechanisms—digital watermarks and embedded code, copyright codes,


and even the intentional placement of bad sectors on software media—have been used to

enforce copyright laws.

Answer

Selected Answer: True

Question 15

4 out of 4 points

A ____ is an attack in which a coordinated stream of requests is launched against a target from

many locations at the same time.

Answer

Selected Answer: d.

distributed denial-of-service

Question 16

4 out of 4 points

Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to

enter premises or systems they have not been authorized to enter.

Answer

Selected Answer: a.

trespass

Question 17

4 out of 4 points

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus

 ____.

Answer

Selected Answer: b.

hoaxes

Question 18

4 out of 4 points


 ____ are software programs that hide their true nature, and reveal their designed behavior only

when activated.

Answer

Selected Answer: c.

Trojan horses

Question 19

4 out of 4 points

Which of the following is an example of a Trojan horse program?

Answer

Selected Answer: b.

Happy99.exe

Question 20

4 out of 4 points

The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on

the network.

Answer

Selected Answer: c.

TCP

Question 21

4 out of 4 points

Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is

longer than ____ characters in Internet Explorer 4.0, the browser will crash.

Answer

Selected Answer: c.

256

Question 22


4 out of 4 points

Forces of nature, force majeure, or acts of God can present some of the most dangerous threats,

because they usually occur with very little warning and are beyond the control of people.

Answer

Selected Answer: True

Question 23

4 out of 4 points

Information security’s primary mission is to ensure that systems and their contents retain their

confidentiality at all costs.

Answer

Selected Answer: False

Question 24

4 out of 4 points

One form of online vandalism is ____ operations, which interfere with or disrupt systems to

protest the operations, policies, or actions of an organization or government agency.

Answer

Selected Answer: b.

hacktivist

Question 25

4 out of 4 points

A sniffer program shows all the data going by on a network segment including passwords, the

data inside files—such as word-processing documents—and screens full of sensitive data from

applications.

Answer

Selected Answer: True

Saturday, January 14, 2012 5:27:39 PM CST



Review Test Submission: Assignment 3

Content

User stephen saan-ire

Course CIS280_01_SP12

Test Assignment 3

Started 1/15/12 7:09 PM

Submitted 1/15/12 7:55 PM

Status Completed

Score 100 out of 100 points

Time Elapsed 46 minutes out of 1 hour and 15 minutes.

Instructions

Question 1

4 out of 4 points

Which of the following countries reported generally intolerant attitudes toward personal use of 

organizational computing resources?

Answer

Selected Answer: c.

Singapore

Question 2

4 out of 4 points

What is the subject of the Computer Security Act?

Answer

Selected Answer: c.


Federal Agency Information Security

Question 3

4 out of 4 points

Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?

Answer

Selected Answer: d.

Financial Services Modernization Act

Question 4

4 out of 4 points

What is the subject of the Sarbanes-Oxley Act?

Answer

Selected Answer: a.

Financial Reporting

Question 5

4 out of 4 points

The ____ of 1999 provides guidance on the use of encryption and provides protection from

government intervention.

Answer

Selected Answer: b.

Security and Freedom through Encryption Act

Question 6

4 out of 4 points

The Information Systems Security Association (ISSA) is a nonprofit society of information security

professionals whose primary mission is to bring together qualified information security

practitioners for information exchange and educational development.


Answer

Selected Answer: True

Question 7

4 out of 4 points

The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal

laws and enforcement efforts.

Answer

Selected Answer: a.

Fraud

Question 8

4 out of 4 points

The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act,

protects the confidentiality and security of health care data by establishing and enforcing

standards and by standardizing electronic data interchange.

Answer

Selected Answer: b.

Health Insurance

Question 9

4 out of 4 points

According to the National Information Infrastructure Protection Act of 1996, the severity of the

penalty for computer crimes depends on the value of the information obtained and whether the

offense is judged to have been committed for each of the following except ____.

Answer

Selected Answer: b.

to harass

Question 10

4 out of 4 points


The National Information Infrastructure Protection Act of 1996 modified which Act?

Answer

Selected Answer: a.

Computer Fraud and Abuse Act

Question 11

4 out of 4 points

Criminal or unethical ____ goes to the state of mind of the individual performing the act.

Answer

Selected Answer: b.

intent

Question 12

4 out of 4 points

The Privacy of Customer Information Section of the common carrier regulation states that any

proprietary information shall be used explicitly for providing services, and not for any ____

purposes.

Answer

Selected Answer: c.

marketing

Question 13

4 out of 4 points

 ____ attempts to prevent trade secrets from being illegally shared.

Answer

Selected Answer: a.

Economic Espionage Act

Question 14


4 out of 4 points

Individuals with authorization and privileges to manage information within the organization are

most likely to cause harm or damage ____.

Answer

Selected Answer: a.

by accident

Question 15

4 out of 4 points

Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?

Answer

Selected Answer: c.

Computer Fraud and Abuse Act

Question 16

4 out of 4 points

The NSA is responsible for signal intelligence and information system security.

Answer

Selected Answer: True

Question 17

4 out of 4 points

 ____ law comprises a wide variety of laws that govern a nation or state.

Answer

Selected Answer: b.

Civil

Question 18

4 out of 4 points


Laws and policies and their associated penalties only deter if which of the following conditions is

present?

Answer

Selected Answer: d.

All of the above

Question 19

4 out of 4 points

 ____ defines stiffer penalties for prosecution of terrorist crimes.

Answer

Selected Answer: a.

USA Patriot Act

Question 20

4 out of 4 points

 ____ law regulates the structure and administration of government agencies and their

relationships with citizens, employees, and other governments.

Answer

Selected Answer: b.

Public

Question 21

4 out of 4 points

The Secret Service is charged with the detection and arrest of any person committing a United

States federal offense relating to computer fraud and false identification crimes.

Answer

Selected Answer: True

Question 22

4 out of 4 points


The Department of Homeland Security is the only U.S. federal agency charged with the protection

of American information resources and the investigation of threats to, or attacks on, the

resources.

Answer

Selected Answer: False

Question 23

4 out of 4 points

The Council of Europe adopted the Convention of CyberCrime in ____.

Answer

Selected Answer: d.

2001

Question 24

4 out of 4 points

Established in January 2001, the National InfraGard Program began as a cooperative effort

between the FBI’s Cleveland Field Office and local technology professionals. 

Answer

Selected Answer: True

Question 25

4 out of 4 points

Which of the following acts is a collection of statutes that regulate the interception of wire,

electronic, and oral communications?

Answer

Selected Answer: d.

Electronic Communications Privacy Act

Sunday, January 15, 2012 7:55:56 PM CST



Review Test Submission: Assignment 4

Content

User stephen saan-ire

Course CIS280_01_SP12

Test Assignment 4

Started 1/29/12 3:30 PM

Submitted 1/29/12 4:21 PM

Status Completed

Score 100 out of 100 points

Time Elapsed 50 minutes out of 1 hour and 15 minutes.

Instructions

  Question 1

4 out of 4 points

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the

outcome of its exploitation.

Answer

Selected Answer: a.

accept control

  Question 2

4 out of 4 points

____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization’s stakeholders.

Answer

Selected Answer: b.

Operational

  Question 3

4 out of 4 points

When organizations adopt levels of security for a legal defense, they may need to show

that they have done what any prudent organization would do in similar circumstances.

This is referred to as a(n) ____.

Answer


Selected Answer: a.

standard of due care

  Question 4

4 out of 4 points

The concept of competitive ____ refers to falling behind the competition.

Answer

Selected Answer: b.

disadvantage

  Question 5

4 out of 4 points

In a(n) _____, each information asset is assigned a score for each of a set of assigned critical factors.

Answer

Selected Answer: b.

weighted factor analysis

  Question 6

4 out of 4 points

The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.

Answer

Selected Answer: d.

transfer control

  Question 7

4 out of 4 points

The first phase of risk management is ____.

Answer

Selected Answer: c.

risk identification

  Question 8

4 out of 4 points


The ____ security policy is an executive-level document that outlines the organization’s

approach and attitude towards information security and relates the strategic value of 

information security within the organization.

Answer

Selected Answer: d.

general

  Question 9

4 out of 4 points

There are individuals who search trash and recycling — a practice known as ____ — to

retrieve information that could embarrass a company or compromise information security.

Answer

Selected Answer: b.

dumpster diving

  Question 10

4 out of 4 points

____ equals likelihood of vulnerability occurrence times value (or impact) minus

percentage risk already controlled plus an element of uncertainty.

Answer

Selected Answer: b.

Risk

  Question 11

4 out of 4 points

Risk ____ defines the quantity and nature of risk that organizations are willing to accept

as they evaluate the tradeoffs between perfect security and unlimited accessibility.

Answer

Selected Answer: d.

appetite

  Question 12

4 out of 4 points

The actions an organization can and perhaps should take while an incident is in progress

should be specified in a document called the ____ plan.

Answer


Selected Answer: a.

IR

  Question 13

4 out of 4 points

The ____ security policy is a planning document that outlines the process of implementing security in the organization.

Answer

Selected Answer: d.

program

 Question 14

4 out of 4 points

____ plans usually include all preparations for the recovery process, strategies to limit

losses during the disaster, and detailed steps to follow when the smoke clears, the dust

settles, or the floodwaters recede.

Answer

Selected Answer: b.

DR

  Question 15

4 out of 4 points

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.

Answer

Selected Answer: a.

CBA

  Question 16

4 out of 4 points

In the U.S. military classification scheme, ____ data is any information or material the

unauthorized disclosure of which reasonably could be expected to cause damage to the

national security.

Answer

Selected Answer: b.

confidential


  Question 17

4 out of 4 points

____ policies address the particular use of certain systems.

Answer

Selected Answer: c.

Systems-specific

  Question 18

4 out of 4 points

The ____ strategy attempts to prevent the exploitation of the vulnerability.

Answer

Selected Answer: a.

defend control

  Question 19

4 out of 4 points

____ addresses are sometimes called electronic serial numbers or hardware addresses.

Answer

Selected Answer: c.

MAC

  Question 20

4 out of 4 points

Risk ____ is the application of controls to reduce the risks to an organization’s data and

information systems.

Answer

Selected Answer: d.

control

  Question 21

4 out of 4 points

A(n) ____ is an authorization issued by an organization for the repair, modification, or

update of a piece of equipment.

Answer


Selected Answer: c.

FCO

  Question 22

4 out of 4 points

The military uses a _____-level classification scheme.

Answer

Selected Answer: c.

five

  Question 23

4 out of 4 points

____ is simply how often you expect a specific type of attack to occur.

Answer

Selected Answer: a.

ARO

  Question 24

4 out of 4 points

Management of classified data includes its storage and ____.

Answer

Selected Answer: d.

All of the above

  Question 25

4 out of 4 points

Many corporations use a ____ to help secure the confidentiality and integrity of 

information.

Answer

Selected Answer: c.

data classification scheme

Sunday, January 29, 2012 4:21:27 PM CST



Review Test Submission: Assignment 5

Content

User stephen saan-ire

Course CIS280_01_SP12

Test Assignment 5

Started 2/8/12 9:57 PM

Submitted 2/8/12 10:50 PM

Status Completed

Score 100 out of 100 points

Time Elapsed 52 minutes out of 1 hour and 15 minutes.

Instructions

  Question 1

4 out of 4 points

The first phase in the development of the contingency planning process is the ____.

Answer

Selected Answer: b.

BIA

  Question 2

4 out of 4 points

Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.

Answer

Selected Answer: a.

de jure

  Question 3

4 out of 4 points

The ____ is based on and directly supports the mission, vision, and direction of the

organization and sets the strategic direction, scope, and tone for all security efforts.

Answer

Selected Answer: a.

EISP

  Question 4

4 out of 4 points


____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity

based on previous baselines.

Answer

Selected Answer: c.

Network 

  Question 5

4 out of 4 points

RAID ____ drives can be hot swapped.

Answer

Selected Answer: d.

5

  Question 6

4 out of 4 points

The spheres of ____ are the foundation of the security framework and illustrate how

information is under attack from a variety of sources.

Answer

Selected Answer: b.

security

  Question 7

4 out of 4 points

Redundancy can be implemented at a number of points throughout the security

architecture, such as in ____.

Answer

Selected Answer: d.

All of the above

  Question 8

4 out of 4 points

The transfer of large batches of data to an off-site facility is called ____.

Answer

Selected Answer: c.

electronic vaulting

  Question 9

4 out of 4 points

The SETA program is the responsibility of the ____ and is a control measure designed to

reduce the incidences of accidental security breaches by employees.

Answer


Selected Answer: b.

CISO

  Question 10

4 out of 4 points

An alert ____ is a document containing contact information for the people to be notified in

the event of an incident.

Answer

Selected Answer: d.

roster

  Question 11

4 out of 4 points

What country adopted ISO/IEC 17799?

Answer

Selected Answer: d.

None of the above

  Question 12

4 out of 4 points

____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Answer

Selected Answer: d.

Managerial

  Question 13

4 out of 4 points

Effective management includes planning and ____.

Answer

Selected Answer: d.

All of the above

  Question 14

4 out of 4 points

____ controls address personnel security, physical security, and the protection of 

production inputs and outputs.

Answer

Selected Answer: c.

Operational


  Question 15

4 out of 4 points

A security ____ is an outline of the overall information security strategy for the

organization and a roadmap for planned changes to the information security environment

of the organization.

Answer

Selected Answer: c.

framework 

  Question 16

4 out of 4 points

Incident damage ____ is the rapid determination of the scope of the breach of the

confidentiality, integrity, and availability of information and information assets during or

just following an incident.

Answer

Selected Answer: b.

assessment

  Question 17

4 out of 4 points

The Security Area Working Group acts as an advisory board for the protocols and areas

developed and promoted by the Internet Society and the ____.

Answer

Selected Answer: d.

IETF

  Question 18

4 out of 4 points

A buffer against outside attacks is frequently referred to as a(n) ____.

Answer

Selected Answer: d.

DMZ

  Question 19

4 out of 4 points

____ often function as standards or procedures to be used when configuring or maintaining

systems.

Answer

Selected Answer: d.

SysSPs

  Question 20


4 out of 4 points

The stated purpose of ____ is to “give recommendations for information security

management for use by those who are responsible for initiating, implementing, or

maintaining security in their organization.” 

Answer

Selected Answer: b.

ISO/IEC 27002

  Question 21

4 out of 4 points

Strategic planning is the process of moving the organization towards its ____.

Answer

Selected Answer: b.

vision

  Question 22

4 out of 4 points

A ____ site provides only rudimentary services and facilities.

Answer

Selected Answer: d.

cold

  Question 23

4 out of 4 points

A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.

Answer

Selected Answer: c.

IR

  Question 24

4 out of 4 points

Security ____ are the areas of trust within which users can freely communicate.

Answer

Selected Answer: d.

domains

  Question 25

4 out of 4 points

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the

