CS 18914

Type: Homework Help
Pages: 12
Words: 1479
Authors: Lawrie Brown, William Stallings

________ can include computer viruses, Trojan horse programs, worms, exploit scripts,
and toolkits.
A. Artifacts
B. Vulnerabilities
C. CSIRT
D. Constituencies
A __________ is directed at the user file at the host where passwords, token passcodes,
or biometric templates are stored.
A. eavesdropping attack
B. client attack
C. denial-of-service attack
D. host attack
________ is a method for minimizing exposure of individual information while
enabling continuous analysis of potentially interconnected data.
A. Immutable audit
B. Selective revelation
C. Associative memory
D. Anonymization
Personal effects, moveable property and goods, such as cars, bank accounts, wages,
securities, a small business, furniture, insurance policies, jewelry, patents, and pets are
all examples of _________.
A. intellectual property
B. real property
C. personal property
D. cyber property
_________ identifies the level of auditing, enumerates the types of auditable events,
and identifies the minimum set of audit-related information provided.
A. Event selection
B. Data generation
C. Automatic response
D. Audit analysis
The security classification for a restricted area containing a security interest is _____.
A. controlled
B. exclusion
C. unrestricted
D. limited
________ is a function that removes specific identifying information from query
results, such as last name and telephone number, but creates some sort of unique
identifier so that analysts can detect connections between queries.
A. Anonymization
B. Data transformation
C. Immutable audit
D. Selective revelation
The basic building block of a __________ is a table of data, consisting of rows and
columns, similar to a spreadsheet.
A. relational database
B. query set
C. DBMS
D. perturbation
The first step in deploying new systems is _________.
A. security testing
B. installing patches
C. planning
D. secure critical content
_______ is movement of data in a business process.
A. Provisioning
B. Workflow automation
C. Revocation
D. Initialization
The objective of the ________ control category is to avoid breaches of any law,
statutory, regulatory, or contractual obligations, and of any security requirements.
A. access
B. asset management
C. compliance
D. business continuity management
An IT security plan should include details of _________.
A. risks
B. recommended controls
C. responsible personnel
D. all of the above
________ need training on the development of risk management goals, means of
measurement, and the need to lead by example in the area of security awareness.
A. Executives
B. Analysts
C. Managers
D. Trainers
_________ is a tool used to automatically identify potentially vulnerable programs.
A. Slamming
B. Sledding
C. Fuzzing
D. All of the above
With _________ the linking to shared library routines is deferred until load time so that
if changes are made any program that references the library is unaffected.
A. statically linked shared libraries
B. dynamically linked shared libraries
C. system linked shared libraries
D. all of the above
_________ control determines the direction in which particular service requests may be
initiated and allowed to flow through the firewall.
A. Behavior
B. User
C. Direction
D. Service
For general-purpose stream-oriented transmission you would typically use _______
mode.
A. CTR
B. CFB
C. ECB
D. CBC
__________ scans for attack signatures in the context of a traffic stream rather than
individual packets.
A. Pattern matching
B. Protocol anomaly
C. Traffic anomaly
D. Stateful matching
A wireless client can be _______.
A. a cell phone
B. a Wi-Fi enabled laptop
C. a Bluetooth device
D. all of the above
Severe messages, such as immediate system shutdown, have a(n) _____ severity.
A. alert
B. emerg
C. crit
D. warning
The most widely used encryption scheme is based on the _________ adopted in 1977
by the National Bureau of Standards.
A. AES
B. 3DES
C. CES
D. DES
A flaw or weakness in a system's design, implementation, or operation and management
that could be exploited to violate the system's security policy is a(n) __________.
A. countermeasure
B. adversary
C. vulnerability
D. risk
An end user who operates on database objects via a particular application but does not
own any of the database objects is the __________.
A. application owner
B. end user other than application owner
C. foreign key
D. administrator
_______ facilities include electrical power, communication services, and environmental
controls such as heat and humidity.
A. Supporting
B. Information
C. Physical
D. All of the above
_______ controls focus on security policies, planning, guidelines, and standards that
influence the selection of operational and technical controls to reduce the risk of loss
and to protect the organization's mission.
A. Management
B. Technical
C. Preventative
D. Supportive
__________ assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information may be
disclosed.
A. Availability
B. Privacy
C. System Integrity
D. Data Integrity
The unit of data exchanged between two peer MAC entities using the services of the
physical layer is a(n) ____________.
A. extended service set
B. MPDU
C. MSDU
D. station
A(n) __________ is any entity that has station functionality and provides access to the
distribution system via the wireless medium for associated stations.
A. ESS
B. access point
C. distribution system
D. MPDU
Combined one byte at a time with the plaintext stream using the XOR operation, a
__________ is the output of the pseudorandom bit generator.
A. keystream
B. digital signature
C. secure hash
D. message authentication code
_______ controls are pervasive, generic, underlying technical IT security capabilities
that are interrelated with, and used by, many other controls.
A. Preventative
B. Supportive
C. Operational
D. Detection and recovery
At the top level of the group key hierarchy is the ___________.
A foreign key value can appear multiple times in a table.
Cryptographic hash functions generally execute faster in software than conventional
encryption algorithms such as DES.
The association service enables transfer of data between a station on an IEEE 802.11
LAN and a station on an integrated IEEE 802.x LAN.
A ________ occurs when multiple processes and threads compete to gain uncontrolled
access to some resource.
A number of widely used standard C _________ compound the problem of buffer
overflow by not providing any means of limiting the amount of data transferred to the
space available in the buffer.
A prime disadvantage of an application-level gateway is the additional processing
overhead on each connection.
High humidity does not pose a threat to electrical and electronic equipment as long as
the computer's temperature stays within the optimal range.
An _______ condition occurs when the IS equipment receives less voltage than is
required for normal operation.
The relative lack of success in bringing cybercriminals to justice has led to an increase
in their numbers, boldness, and the global scale of their operations.
The firewall can protect against attacks that bypass the firewall.
Distributed firewalls protect against internal attacks and provide protection tailored to
specific machines and applications.
The default algorithms used for encrypting S/MIME messages are the triple DES and a
public-key scheme known as _______.
The _________ is inserted between the premises network and the Internet to establish a
controlled link and to erect an outer security wall or perimeter to protect the premises
network from Internet-based attacks.
Public-key cryptography is asymmetric.
A __________ is an individual to whom a debit card is issued.
