Security+ (all quiz mistakes)

The Authorize step of the NIST six-step approach to the risk management framework involves all but which of the following tasks?
determine if the cost/benefit ratio is acceptable
assemble the security authorization package
prepare the plan of action and develop milestones
determine the risk to organizational operations
determine if the cost/benefit ratio is acceptable
Network firewall entry and exit points are called ____.
proxies
gateways
sockets
ports
ports

Which statement represents a packet-filtering best practice?
Any inbound packet must have a source address that is in your internal network
Keep all packets that use the IP header source routing feature.
If your Web server is located behind the firewall, you need to allow HTTP or HTTPS data through for the Internet at large to view it.
Any outbound packet must not have a source address that is in your internal network.
If your Web server is located behind the firewall, you need to allow HTTP or HTTPS data through for the Internet at large to view it.
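The three wrong options above are the inversions of real rules (drop inbound packets claiming an internal source, drop source-routed packets, require an internal source on outbound packets). Together with the web-server rule they make a small stateless filter. The block below is an added example written for this page, not code from the quiz or its textbook; the internal range 10.0.0.0/8, the web server address 10.0.5.20 and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Tuple

# Assumptions for the example: the site's internal range and the address of the
# web server that the Internet at large is allowed to reach.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
WEB_SERVER = ipaddress.ip_address("10.0.5.20")
WEB_PORTS = {80, 443}          # HTTP and HTTPS only


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: int
    inbound: bool                 # True if it arrived on the Internet-facing interface
    source_routed: bool = False   # IP option LSRR/SSRR present


def filter_packet(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, matched_rule) for one packet; first match wins."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    # Rule 1: drop anything using IP source routing; it lets the sender dictate
    # the path and is a classic way to bypass routing-based controls.
    if pkt.source_routed:
        return "drop", "source-routed"

    # Rule 2 (ingress anti-spoofing): a packet arriving from the Internet can
    # never legitimately carry one of our own internal addresses as its source.
    if pkt.inbound and src in INTERNAL_NET:
        return "drop", "inbound-spoofed-internal-source"

    # Rule 3 (egress filtering): a packet leaving must carry an internal source,
    # otherwise a compromised host is spoofing someone else (e.g. in a DDoS).
    if not pkt.inbound and src not in INTERNAL_NET:
        return "drop", "outbound-non-internal-source"

    # Rule 4: the Internet may reach the web server on HTTP/HTTPS only.
    if pkt.inbound and dst == WEB_SERVER and pkt.proto == "tcp" and pkt.dport in WEB_PORTS:
        return "accept", "web-server-http-https"

    # Internal hosts may initiate outbound traffic (return traffic would be
    # handled by a stateful rule, which this stateless toy does not model).
    if not pkt.inbound:
        return "accept", "outbound-from-internal"

    return "drop", "default-deny"


# Constructed sample packets, one per rule.
SAMPLES: Dict[str, Packet] = {
    "web_ok":       Packet("203.0.113.7", "10.0.5.20", "tcp", 443, inbound=True),
    "web_ssh":      Packet("203.0.113.7", "10.0.5.20", "tcp", 22, inbound=True),
    "spoofed_in":   Packet("10.0.9.1", "10.0.5.20", "tcp", 80, inbound=True),
    "spoofed_out":  Packet("198.51.100.4", "203.0.113.7", "udp", 53, inbound=False),
    "src_routed":   Packet("203.0.113.7", "10.0.5.20", "tcp", 80, inbound=True, source_routed=True),
    "internal_out": Packet("10.0.3.3", "203.0.113.7", "tcp", 443, inbound=False),
}


def run_samples() -> Dict[str, Tuple[str, str]]:
    return {name: filter_packet(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, rule) in run_samples().items():
        print(f"{name:13s} {verdict:6s} ({rule})")
```

Rule order matters: the anti-spoofing checks sit before the web-server allow, so a forged packet with an internal source never reaches the accept rule even when it targets port 443.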
What protocol breaks a message into numbered segments so that it can be transmitted?
IP
UDP
ICMP
NAT
TCP (not among the options listed; UDP carries no sequence numbers and does not segment messages)
Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines?
programs
planning
policy
people
policy
The use of ____ is required to achieve RSN compliance.
WPA2
EAP
TKIP
CCMP
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information?
Confidentiality
Availability
Integrity
Authentication
Confidentiality
Which wireless modulation technique addresses the transmission of the data stream that has been properly encoded onto the radio signal?
BPSK
Spread-spectrum transmission
QPSK
QAM
Spread-spectrum transmission
____ is an attack that sends unsolicited messages to Bluetooth-enabled devices.
Bluecracking
Bluesnarfing
Bluetalking
Bluejacking
Bluejacking
Which law requires mandatory periodic training in computer security awareness and accepted computer security practice for all employees who are involved with the management, use, or operation of each federal computer system?
National Information Infrastructure Protection Act
Computer Fraud and Abuse Act
The Computer Security Act
The Telecommunications Deregulation and Competition Act
The Computer Security Act
Known as the ping service, use of ____ traffic is a common method for hacker reconnaissance and should be turned off to prevent snooping.
UDP
ICMP
IPconfig
SMTP
ICMP (in practice, filter echo request/reply and other unneeded types at the perimeter rather than all ICMP; dropping every ICMP type breaks path MTU discovery)
Who is responsible for maintaining control of the field evidence log and locker?
Incident manager
Imager
Scribe
Forensic examiner
Scribe
In large organizations, ____ are skilled in the operations of particular tools used to gather the analysis information.
forensic analysts
forensic examiners
incident managers
application programmers
forensic examiners
Which of the following InfoSec measurement specifications makes it possible to define success in the security program?
establishing targets
prioritization and selection
development approach
measurements templates
establishing targets
Which type of security policy is intended to provide a common understanding of the purposes for which an employee can and cannot use a resource?
user-specific
issue-specific
system-specific
enterprise information
issue-specific
EAP request packets are issued by the ____.
proxy
authenticator
supplicant
authentication server
authenticator
Which type of planning is used to organize the ongoing, day-to-day performance of tasks?
Tactical
Strategic
Organizational
Operational
Operational
A risk assessment is performed during which phase of the SecSDLC?
investigation
implementation
design
analysis
analysis
____ is a framework for transporting authentication protocols instead of the authentication protocol itself.
PEAP
TKIP
SSL
EAP
EAP (Extensible Authentication Protocol)
Two examples of security best practices include: “Decision paper on use of screen warning banner”, and “Sample warning banner from the NLRB”. Under which best security practice area do these two examples fall?
policy and procedures
identification and authentication
personnel security
logical access controls
Logical access controls
The IEEE 802.15.1-2005 Wireless Personal Area Network standard was based on the ____ specifications.
Bluetooth v1.0
Bluetooth v1.2
Bluetooth v1.1
Bluetooth v2.1
Bluetooth v1.2

The basic outcomes of InfoSec governance should include all but which of the following?
Time management by aligning resources with personnel schedules and organizational objectives
Value delivery by optimizing InfoSec investments in support of organizational objectives
Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
Resource management by utilizing information security knowledge and infrastructure efficiently and effectively
Time management by aligning resources with personnel schedules and organizational objectives
____ involves horizontally separating words, although it is still readable by the human eye.
GIF layering
Geometric variance
Layer variance
Word splitting
Word splitting
Application ____ are control devices that can restrict internal users from unlimited access to the Internet.
appliances
programs
proxies
gateways
proxies
A collection of BSSs connected by one or more DSs is referred to as an ____ service set (ESS).
eccentric
electric
elaborate
extended
extended
Which of the following is Tier 3 (indicating tactical risk) of the tiered risk management approach?
organization
mission/business process
information system
accounting/logistics
information system
Which of the following is the study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences and is also known as duty- or obligation-based ethics?
Meta-ethics
Applied ethics
Deontological ethics
Normative ethics
Deontological ethics
What do audit logs that track user activity on an information system provide?
authentication
accountability
authorization
identification
accountability
A ____ virus infects program executable files.
program
macro
companion
boot sector
program
____ builds on the encoding format of the MIME protocol and uses digital signatures based on public-key cryptosystems to secure e-mail.
SSH
PGP
S/MIME
SSL
S/MIME
The most basic type of cryptographic algorithm is a ____ algorithm.
hash
block
digest
key
hash
Which cipher simply rearranges the values within a block to create the ciphertext?
Vigenère Square
Substitution
Caesar
Transposition
Transposition
The____ is a symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES.
Twofish
RSA
3DES
AES
AES (Advanced Encryption Standard)
In large organizations, ____ know operating systems and networks as well as how to interpret the information gleaned by the examiners.
forensic analysts
application programmers
incident managers
forensic examiners
forensic analysts
Symmetric encryption is also called ____ cryptography.
private key
shared key
symmetric key
public key
private key
The most common hybrid cryptography system is based on the ____ key exchange, which is a method for exchanging private keys using public-key encryption.
DES
MAC
RSA
Diffie-Hellman
Diffie-Hellman (strictly a key-agreement protocol: each side derives the shared secret from its own private value and the other side's public value; the key is never encrypted and sent)
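The exchange the answer refers to, as an added example for this page (not code from the quiz or its textbook): an unauthenticated Diffie-Hellman agreement, the man-in-the-middle it is open to, and the fix that hybrid systems actually rely on, authenticating the public values. Here the authentication is an HMAC under a pre-shared key, standing in for the certificate-based signatures a PKI would provide. The group p = 23, g = 5 is the classic textbook toy and is an assumption for readability only; real deployments use a 2048-bit or larger MODP group or an elliptic-curve group.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Toy group (assumption for readability only).  Anything this small falls to a
# discrete-log search instantly; use RFC 7919 groups or ECDH in practice.
P, G = 23, 5


def dh_public(private: int, p: int = P, g: int = G) -> int:
    return pow(g, private, p)


def dh_shared(private: int, peer_public: int, p: int = P) -> int:
    return pow(peer_public, private, p)


def derive_key(shared_secret: int) -> bytes:
    """Toy KDF: hash the agreed value into a key for the symmetric bulk cipher."""
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).digest()


def unauthenticated_exchange(a: int, b: int, m: Optional[int] = None
                             ) -> Tuple[bytes, bytes, Optional[Tuple[bytes, bytes]]]:
    """Alice(a) <-> Bob(b).  If Mallory(m) is present she replaces each public
    value with her own and ends up holding one key shared with each side."""
    A, B = dh_public(a), dh_public(b)
    if m is None:
        return derive_key(dh_shared(a, B)), derive_key(dh_shared(b, A)), None
    M = dh_public(m)
    alice_key = derive_key(dh_shared(a, M))        # Alice believes M came from Bob
    bob_key = derive_key(dh_shared(b, M))          # Bob believes M came from Alice
    mallory_with_alice = derive_key(dh_shared(m, A))
    mallory_with_bob = derive_key(dh_shared(m, B))
    return alice_key, bob_key, (mallory_with_alice, mallory_with_bob)


def tag(public_value: int, auth_key: bytes) -> bytes:
    """Authenticate a public value.  A PKI would sign it with the sender's
    certified key; an HMAC under a pre-shared key shows the same property."""
    return hmac.new(auth_key, public_value.to_bytes(32, "big"), hashlib.sha256).digest()


def authenticated_receive(received: int, received_tag: bytes, auth_key: bytes) -> bool:
    return hmac.compare_digest(tag(received, auth_key), received_tag)


def authenticated_exchange(a: int, b: int, auth_key: bytes, m: Optional[int] = None) -> Optional[bytes]:
    """Return the agreed key, or None when either side rejects a substituted value."""
    A, B = dh_public(a), dh_public(b)
    tag_A, tag_B = tag(A, auth_key), tag(B, auth_key)
    if m is not None:                       # Mallory can substitute but cannot re-tag
        M = dh_public(m)
        A_seen_by_bob, B_seen_by_alice = M, M
    else:
        A_seen_by_bob, B_seen_by_alice = A, B
    if not authenticated_receive(A_seen_by_bob, tag_A, auth_key):
        return None
    if not authenticated_receive(B_seen_by_alice, tag_B, auth_key):
        return None
    return derive_key(dh_shared(a, B_seen_by_alice))


if __name__ == "__main__":
    a, b, m = 6, 15, 3                      # fixed toy private values
    ka, kb, _ = unauthenticated_exchange(a, b)
    print("honest run, keys match:", ka == kb)
    ka, kb, (ma, mb) = unauthenticated_exchange(a, b, m)
    print("MITM run: Alice/Mallory", ka == ma, " Bob/Mallory", kb == mb, " Alice/Bob", ka == kb)
    psk = b"example-pre-shared-key"
    print("MITM against authenticated run rejected:", authenticated_exchange(a, b, psk, m) is None)
```

The point the quiz sentence glosses over: Diffie-Hellman on its own gives two parties a key nobody passively listening can compute, but it says nothing about who the other party is. The hybrid system gets that from the public-key layer (certificates and signatures over the exchanged values), which is what the `tag` check stands in for.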
When deploying ciphers, users have to decide on the ____ of the cryptovariable or key.
symmetry
size
transportability
security
size
The algorithm ____ is a block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits.
3DES
RSA
Blowfish
AES
Blowfish
The ____ provides recommended baseline security requirements for the use and operation of CA, RA, and other PKI components.
CP
AP
DP
LP
CP (Certificate Policy)
A(n) ____ is used to sniff network traffic.
scribe
write blocker
Ethernet tap
cartwheeler
Ethernet tap
At the ____ stage of the certificate life cycle, the certificate is no longer valid.
suspension
creation
expiration
revocation
revocation
Which symmetric encryption cryptosystems was developed to replace both DES and 3DES?
AES
WEP
DES
RSA
AES (Advanced Encryption Standard)
Which audience is interested in analysis report issues in terms of compliance with organizational policies?
Forensic experts
Upper management
Attorneys
Auditors
Auditors
____ is text that has no formatting (such as bolding or underlining) applied.
Simpletext
Plain text
Plaintext
Simple text
Plain text
Digital ____ authenticate the cryptographic key that is embedded in the certificate.
certificates
signatures
hashes
logs
certificates
A ____ cipher rearranges letters without changing them.
loop
block
substitution
transposition
transposition
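Both transposition questions above, and the substitution cipher they are contrasted with, are easiest to see side by side. The block below is an added example for this page, not code from the quiz or its textbook: a Caesar substitution and a keyed columnar transposition, plus a letter count showing that transposition preserves the plaintext's letter frequencies, which is why it is weak on its own. The plaintext, key and shift are made up.

```python
import math
from collections import Counter
from typing import Dict, List

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _letters_only(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Substitution: every letter is replaced, positions stay where they are."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in _letters_only(plaintext))


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    return caesar_encrypt(ciphertext, -shift)


def _column_order(key: str) -> List[int]:
    # Columns are read out in alphabetical order of the key letters;
    # ties are broken left to right.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transposition_encrypt(plaintext: str, key: str) -> str:
    """Columnar transposition: letters keep their identity, only positions change.
    The text is written row by row under the key and read out column by column."""
    text = _letters_only(plaintext)
    cols = len(key)
    rows = math.ceil(len(text) / cols)
    padded = text.ljust(rows * cols, "X")        # pad the last row
    grid = [padded[r * cols:(r + 1) * cols] for r in range(rows)]
    return "".join(grid[r][c] for c in _column_order(key) for r in range(rows))


def transposition_decrypt(ciphertext: str, key: str) -> str:
    cols = len(key)
    rows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(rows)]
    pos = 0
    for c in _column_order(key):
        for r in range(rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def letter_counts(text: str) -> Dict[str, int]:
    return dict(Counter(_letters_only(text)))


if __name__ == "__main__":
    msg, key, shift = "ATTACK AT DAWN", "ZEBRA", 3      # constructed inputs
    sub = caesar_encrypt(msg, shift)
    trans = transposition_encrypt(msg, key)
    print("substitution :", sub, letter_counts(sub))
    print("transposition:", trans, letter_counts(trans))
    print("round trips:", caesar_decrypt(sub, shift), transposition_decrypt(trans, key))
```

With the constructed inputs the transposition output is an anagram of the plaintext (same four As and three Ts), so frequency analysis alone identifies the language and a rearrangement search recovers the text; the substitution output moves the frequencies onto different letters but keeps the same shape, which is the weakness on the other side. Modern block ciphers apply both operations in many rounds precisely because neither alone hides the statistics.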
____ is an open-source protocol framework for security development within the TCP/IP family of protocol standards.
IPSec
RSA
SSL
SSH
IPSec (Internet Protocol Security)
The ____ protocol is used for public-key encryption to secure a channel over the Internet.
RSA
SSL
IPSec
SSH
SSL (Secure Sockets Layer)
A disadvantage of hardware imaging platforms is that they are ____.
time consuming
costly
unreliable
fragmented
costly
At the ____ stage of the certificate life cycle, the certificate can no longer be used.
creation
revocation
suspension
expiration
expiration
____ accepts spoken words for input as if they had been typed on the keyboard.
Speech recognition
Linguistic recognition
Speech differentiation
Text recognition
Speech recognition
Microsoft Windows ____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy.
CryptoAPI
CAPI
MAPI
CardSpace
CardSpace
____ holds the promise of reducing the number of usernames and passwords that users must memorize.
ISO
SSL
SSO
IAM
SSO (Single Sign-On)
____ allows clients and the server to negotiate independently encryption, authentication, and digital signature methods, in any combination, in both directions.
Telnets
HTTPS
SFTP
SHTTP
SHTTP
Encryption methodologies that require the same secret key to encipher and decipher the message are using ____ encryption or symmetric encryption.
monoalphabetic
private key
monolithic
public key
private key
The primary function of a(n) ____ is to verify the identity of the individual.
PA
RA
DA
CA
RA (registration authority)
____ is using a single authentication credential that is shared across multiple networks.
Risk management
Authorization management
Access management
Identity management
Identity management
Which of the following biometric authentication systems is the most accepted by users?
signature recognition
keystroke pattern recognition
fingerprint recognition
retina pattern recognition
Keystroke pattern recognition
____ is related to the perception, thought process, and understanding of the user.
Reactive biometrics
Standard biometrics
Cognitive biometrics
Affective biometrics
Cognitive biometrics
Due to the limitations of online guessing, most password attacks today use ____.
token replay
hash replay
online cracking
offline cracking
offline cracking
Which of the following is true about symmetric encryption?
uses a secret key to encrypt and decrypt
it requires four keys to hold a conversation
uses a private and public key
it is also known as public key encryption
uses a secret key to encrypt and decrypt
A ____ silently captures and stores each keystroke that a user types on the computer’s keyboard.
worm
rootkit
backdoor
keylogger
keylogger
What is most commonly used for the goal of nonrepudiation in cryptography?
PKI
secret key
digital signature
block cipher
digital signature
Which of the following is a criteria used to compare and evaluate biometric technologies?
false reject rate
crossover correction rate
valid reject rate
valid accept rate
false reject rate
A ____ is a set of independently rotating large cups affixed to the top of a fence that prevents the hands of intruders from gripping the top of the fence to climb over it.
top hat
bollard
roller barrier
fence
roller barrier
Which type of IDPS is also known as a behavior-based intrusion detection system?
host-based
anomaly-based
signature-based
network-based
anomaly-based
If a user typically accesses his bank’s Web site from his home computer on nights and weekends, then this information can be used to establish a ____ of typical access.
computer footprint
system
usage map
beachhead
computer footprint
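One way to turn that footprint into the behavior-based detection the previous question describes, as an added example for this page (not code from the quiz or any product): a per-user baseline is learned from a window of past logins, and later logins are scored against it. The log lines, fields and the one-hour tolerance are constructed; real thresholds would come from your own authentication logs.

```python
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Constructed training window: alice logs in from home in the evenings and at weekends.
BASELINE_LOG = """\
2024-03-01T20:15:00 user=alice src=203.0.113.10 result=ok
2024-03-02T21:40:00 user=alice src=203.0.113.10 result=ok
2024-03-03T10:05:00 user=alice src=203.0.113.10 result=ok
2024-03-08T19:55:00 user=alice src=203.0.113.10 result=ok
2024-03-09T11:30:00 user=alice src=203.0.113.10 result=ok
2024-03-15T22:10:00 user=alice src=203.0.113.10 result=ok
"""

# Constructed events to score against the baseline.
NEW_LOG = """\
2024-03-22T20:30:00 user=alice src=203.0.113.10 result=ok
2024-03-26T03:12:00 user=alice src=198.51.100.77 result=ok
2024-03-27T14:00:00 user=alice src=203.0.113.10 result=ok
2024-03-30T09:45:00 user=alice src=203.0.113.10 result=ok
"""


def parse(log: str):
    """Yield (timestamp, user, source) from 'ts key=value ...' lines."""
    for line in log.splitlines():
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        yield datetime.fromisoformat(ts), kv["user"], kv["src"]


class Profile:
    """Per-user footprint: source addresses seen and (weekend?, hour) slots used."""

    def __init__(self) -> None:
        self.sources: Set[str] = set()
        self.slots: Set[Tuple[bool, int]] = set()

    @staticmethod
    def slot(ts: datetime) -> Tuple[bool, int]:
        return (ts.weekday() >= 5, ts.hour)

    def learn(self, ts: datetime, src: str) -> None:
        self.sources.add(src)
        self.slots.add(self.slot(ts))

    def score(self, ts: datetime, src: str) -> List[str]:
        reasons = []
        if src not in self.sources:
            reasons.append("new-source")
        weekend, hour = self.slot(ts)
        # Tolerate one hour either side of any slot seen during training.
        if not any(w == weekend and abs(h - hour) <= 1 for w, h in self.slots):
            reasons.append("unusual-time")
        return reasons


def build_profiles(log: str) -> Dict[str, Profile]:
    profiles: Dict[str, Profile] = {}
    for ts, user, src in parse(log):
        profiles.setdefault(user, Profile()).learn(ts, src)
    return profiles


def detect(profiles: Dict[str, Profile], log: str) -> List[Tuple[str, str, List[str]]]:
    """Return (timestamp, user, reasons) for every event that deviates from the baseline."""
    alerts = []
    for ts, user, src in parse(log):
        prof = profiles.get(user)
        reasons = ["unknown-user"] if prof is None else prof.score(ts, src)
        if reasons:
            alerts.append((ts.isoformat(), user, reasons))
    return alerts


if __name__ == "__main__":
    for ts, user, reasons in detect(build_profiles(BASELINE_LOG), NEW_LOG):
        print(ts, user, ",".join(reasons))
```

Two of the four new events are flagged: the 03:12 login from a never-seen address on a weekday, and the weekday-afternoon login from the usual address. The second is the classic anomaly-based false positive (she may simply be home sick), and the approach has a second weakness the quiz does not mention: an attacker already active during the training window gets baselined as normal. Anomaly detection is therefore paired with signature rules rather than used alone.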
____ is a general term that refers to a wide variety of damaging or annoying software programs.
Harmware
Trashware
Malware
Bloatware
Malware
____ is a system of security tools that is used to recognize and identify data that is critical to the organization and ensure that it is protected.
ADP
LLP
DLP
IDS
DLP
A botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam. Some botnets can also harvest e-mail addresses. This is known as ____.
spamming
spreading malware
denying services
manipulating online polls
spamming
____ are combination locks that use buttons which must be pushed in the proper sequence to open the door.
Cipher locks
Reaction locks
Multifactor locks
Biometric locks
Cipher locks
A ____ is a secret combination of letters, numbers, and/or characters that only the user should know.
biometric detail
password
token
challenge
password
____ are hardware devices or software modules that perform encryption to secure data, perform authentication to make sure the host requesting the data is an approved user of the VPN, and perform encapsulation to protect the integrity of the information being sent.
Access points
Tunnels
Concentrators
Endpoints
Endpoints
A ____ attack is one in which every possible combination of letters, numbers, and characters is used to create encrypted passwords.
Brute force
Space division
Known plaintext
Known ciphertext
Brute force
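This question and the offline-cracking question above describe the same attack from two angles: once the password hashes are in hand, guessing is offline and is limited only by the attacker's hardware and the cost of one hash. The block below is an added example for this page, not code from the quiz or its textbook: a wordlist pass followed by an exhaustive pass over a character set, run against a single fast SHA-256 and then against PBKDF2, with the attempt count showing how much work the search takes. The wordlist, character set, salt and target passwords are constructed.

```python
import hashlib
import itertools
import time
from functools import partial
from typing import Callable, Iterable, List, Optional, Tuple

HashFn = Callable[[bytes, bytes], bytes]


def fast_hash(password: bytes, salt: bytes) -> bytes:
    """One SHA-256 over salt||password: cheap for the defender and the attacker alike."""
    return hashlib.sha256(salt + password).digest()


def slow_hash(password: bytes, salt: bytes, iterations: int = 600_000) -> bytes:
    """PBKDF2-HMAC-SHA256: same inputs, deliberately many thousand times the work."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def guesses(wordlist: Iterable[str], charset: str, max_len: int) -> Iterable[bytes]:
    """Dictionary candidates first, then every string over charset up to max_len."""
    for word in wordlist:
        yield word.encode()
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo).encode()


def crack(target: bytes, salt: bytes, hash_fn: HashFn, wordlist: List[str],
          charset: str, max_len: int) -> Tuple[Optional[str], int]:
    """Offline search: compare hash_fn(guess, salt) with the stolen hash.
    Returns (recovered password or None, number of hashes computed)."""
    attempts = 0
    for guess in guesses(wordlist, charset, max_len):
        attempts += 1
        if hash_fn(guess, salt) == target:
            return guess.decode(), attempts
    return None, attempts


def work_factor(hash_fn: HashFn, samples: int = 20) -> float:
    """Seconds per hash measured locally; multiply by the attempt count to size an attack."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(b"benchmark%d" % i, b"salt")
    return (time.perf_counter() - start) / samples


WORDLIST = ["password", "letmein", "admin"]             # constructed
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"
SALT = b"\x00\x01\x02\x03\x04\x05\x06\x07"              # constructed


if __name__ == "__main__":
    stolen = fast_hash(b"ab1", SALT)
    pw, n = crack(stolen, SALT, fast_hash, WORDLIST, CHARSET, 3)
    print(f"fast hash: recovered {pw!r} after {n} guesses")
    per_fast, per_slow = work_factor(fast_hash), work_factor(slow_hash, samples=3)
    keyspace = 36 + 36 ** 2 + 36 ** 3
    print(f"per hash: sha256 {per_fast:.2e}s, pbkdf2 {per_slow:.2e}s (x{per_slow / per_fast:.0f}); "
          f"full 3-character search under pbkdf2 about {per_slow * keyspace:.0f}s")
    stolen = slow_hash(b"ab", SALT, iterations=2_000)
    print("pbkdf2, 2000 iterations, 2-character password:",
          crack(stolen, SALT, partial(slow_hash, iterations=2_000), WORDLIST, CHARSET, 2))
```

Nothing in the attack touches the target system after the hashes are taken, so lockout policies and rate limits (the "limitations of online guessing") do not apply. The defender's levers are the ones the measurement exposes: a per-user salt (so one search does not cover every account), a slow memory-hard or iterated hash, and password length, which grows the keyspace geometrically.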
Which access control principle is most frequently associated with data classification?
Need to know
Separation of duties
Least privilege
Role based controls
Need to know
Which of the following is a Kerberos service that initially exchanges information with the client and server by using secret keys?
Authentication Client
Key Distribution Center
Ticket Granting Service
Authentication Server
Key Distribution Center
____ can use fingerprints or other unique characteristics of a person’s face, hands, or eyes (irises and retinas) to authenticate a user.
Affective biometrics
Reactive biometrics
Cognitive biometrics
Standard biometrics
Standard biometrics
Once an information asset is identified, categorized, and classified, what must also be assigned to it?
relative value
location ID
asset tag
threat risk
relative value
Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet?
risk-rating factor
uncertainty percentage
vulnerability likelihood
asset impact
uncertainty percentage
Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?
Authentication Server
Authentication Client
Key Distribution Center
Ticket Granting Service
Ticket Granting Service
Which of the following affects the cost of a control?
liability insurance
maintenance
CBA report
asset resale
maintenance
Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine their effectiveness and to estimate the remaining risk?
monitoring and measurement
analysis and adjustment
review and reapplication
evaluation and funding
monitoring and measurement
Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?
MAC address
part number
IP address
serial number
IP address
Asset classification schemes should categorize information assets based on which of the following?
value and uniqueness
cost and replacement value
sensitivity and security needs
ease of reproduction and fragility
sensitivity and security needs
In which phase of the SecSDLC does the risk management task occur?
physical design
implementation
analysis
investigation
analysis
Which of the following determines acceptable practices based on consensus and relationships among the communities of interest?
operational feasibility
technical feasibility
political feasibility
organizational feasibility
political feasibility
Which technology employs sockets to map internal private network addresses to a public address using a one-to-many mapping?
private address mapping
screened subnet firewall
port-address translation
network-address translation
port-address translation
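The one-to-many mapping the answer describes, as an added example for this page rather than code from the quiz or its textbook: a small PAT table that rewrites outbound packets from private hosts to a single public address, allocating a distinct public port per internal socket, and reverses the rewrite for replies. Addresses and ports are constructed; a real NAT device also ages entries out and tracks TCP state.

```python
from typing import Dict, Optional, Tuple

Socket = Tuple[str, int]          # (ip, port)


class PortAddressTranslator:
    """One public address shared by many internal sockets (NAT overload / PAT)."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40010):
        self.public_ip = public_ip
        self._free = list(range(first_port, last_port + 1))
        self._out: Dict[Socket, int] = {}      # (inside ip, inside port) -> public port
        self._in: Dict[int, Socket] = {}       # public port -> (inside ip, inside port)

    def outbound(self, src: Socket, dst: Socket) -> Tuple[Socket, Socket]:
        """Rewrite an inside-to-Internet packet's source, allocating a mapping if new."""
        if src not in self._out:
            if not self._free:
                raise RuntimeError("port pool exhausted")   # the real limit of one-to-many
            port = self._free.pop(0)
            self._out[src] = port
            self._in[port] = src
        return (self.public_ip, self._out[src]), dst

    def inbound(self, src: Socket, dst: Socket) -> Optional[Tuple[Socket, Socket]]:
        """Rewrite a reply's destination back to the inside host, or return None
        when no inside host initiated the conversation: unsolicited inbound
        traffic has no mapping and is dropped, which is PAT's incidental
        security benefit."""
        if dst[0] != self.public_ip or dst[1] not in self._in:
            return None
        return src, self._in[dst[1]]

    def table(self) -> Dict[Socket, Socket]:
        return {inside: (self.public_ip, port) for inside, port in self._out.items()}


def demo() -> Dict[str, object]:
    pat = PortAddressTranslator("203.0.113.1")
    web = ("198.51.100.20", 443)
    # Two inside hosts that both happen to use source port 51000.
    out1 = pat.outbound(("10.0.0.5", 51000), web)
    out2 = pat.outbound(("10.0.0.6", 51000), web)
    out1_again = pat.outbound(("10.0.0.5", 51000), web)     # existing mapping reused
    reply = pat.inbound(web, out2[0])                        # server answers host .6
    unsolicited = pat.inbound(("192.0.2.9", 4444), ("203.0.113.1", 22))
    return {"out1": out1, "out2": out2, "out1_again": out1_again,
            "reply": reply, "unsolicited": unsolicited, "table": pat.table()}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:11s} {value}")
```

The two inside hosts collide on source port 51000, which is exactly why the translator must key on the full inside socket and hand out its own public port rather than reuse the inside one; a plain one-to-one NAT would need a separate public address for each host.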
The identification and assessment of levels of risk in an organization describes which of the following?
Risk analysis
Risk reduction
Risk assessment
Risk identification
Risk analysis
Which of the following is a network device attribute that is tied to the network interface?
IP address
serial number
MAC address
model number
MAC address
Which tool can identify active computers on a network?
trap and trace
packet sniffer
port scanner
honey pot
port scanner
An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?
assessing potential loss
risk determination
uncertainty
likelihood and consequences
uncertainty

What should you be armed with to adequately assess potential weaknesses in each information asset?
list of known threats
audited accounting spreadsheet
properly classified inventory
intellectual property assessment
properly classified inventory
What is the first phase of the SecSDLC (Security Systems Development Life Cycle)?
logical design
analysis
investigation
physical design
investigation

Which of the following is a key advantage of the bottom-up approach to security implementation?
coordinated planning from upper management
strong upper-management support
a clear planning and implementation process
utilizes the technical expertise of the individual administrators
utilizes the technical expertise of the individual administrators

Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following?
IT management must serve the IT needs of the broader organization
Executive management must develop corporate-wide policies
General management must structure the IT and InfoSec functions
InfoSec management must lead the way with skill, professionalism, and flexibility
Executive management must develop corporate-wide policies
Strategies to limit losses before and during a disaster are covered by which of the following plans in the mitigation control approach?
incident response plan
damage control plan
business continuity plan
disaster recovery plan
disaster recovery plan

Which of the following is true about planning?
Strategic plans are used to create tactical plans
Operational plans are used to create tactical plans
Operational plans are used to create strategic plans
Tactical plans are used to create strategic plans
Strategic plans are used to create tactical plans
Which of the following explicitly declares the business of the organization and its intended areas of operations?
vision statement
mission statement
values statement
business statement
mission statement
The ISO 27005 Standard for Information Security Risk Management includes five stages including all but which of the following?
risk determination
risk communication
risk treatment
risk assessment
risk determination

The National Association of Corporate Directors (NACD) recommends four essential practices for boards of directors. Which of the following is NOT one of these recommended practices?
Ensure the effectiveness of the corporation's InfoSec policy through review and approval
Hold regular meetings with the CIO to discuss tactical InfoSec planning
Assign InfoSec to a key committee and ensure adequate support for that committee
Identify InfoSec leaders, hold them accountable, and ensure support for them
Hold regular meetings with the CIO to discuss tactical InfoSec planning
Which of the following is used in conjunction with an algorithm to make computer data secure from anybody except the intended recipient of the data?
cipher
plaintext
key
cryptosystem
key
Which of the following can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility?
risk assurance
risk appetite
risk termination
residual risk
risk appetite
Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct?
managerial controls
system controls
technical controls
operational controls
managerial controls
What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?
exposure factor
annualized rate of occurrence
cost-benefit analysis
single loss expectancy
Cost-benefit analysis
The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?
implementing controls
measuring program effectiveness
InfoSec community analysis
conducting decision support
InfoSec community analysis
