Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
A ______ triggers a bug in the system's network handling software causing it to crash
and the system can no longer communicate over the network until this software is
reloaded.
A. echo
B. reflection
C. poison packet
D. flash flood
The MPDU exchange for distributing pairwise keys is known as the _______.
A. pseudorandom function
B. cryptographic function
C. nonce
D. 4-way handshake
_________ is a document that describes the application level protocol for exchanging
data between intrusion detection entities.
A. RFC 4767
B. RFC 4766
C. RFC 4765
D. RFC 4764
__________ is malware that encrypts the user's data and demands payment in order to
access the key needed to recover the information.
A. Trojan horse
B. Ransomware
C. Crimeware
D. Polymorphic
The purpose of ________ is to determine the basic parameters within which the risk
assessment will be conducted and then to identify the assets to be examined.
A. establishing the context
B. control
C. risk avoidance
D. combining
The _______ module performs end-to-end encryption and obtains session keys on
behalf of users.
A. PKM
B. RCM
C. SSM
D. CCM
__________ systems identify features of the hand, including shape, and lengths and
widths of fingers.
A. Signature
B. Fingerprint
C. Hand geometry
D. Palm print
_________ include management, operational, and technical processes and procedures
that act to reduce the exposure of the organization to some risks by reducing the ability
of a threat source to exploit some vulnerabilities.
A. Security controls
B. Risk appetite
C. Risk controls
D. None of the above
Typical for SOHO applications, a __________ is a single router between internal and
external networks with stateless or full packet filtering.
A. single bastion T
B. double bastion inline
C. screening router
D. host-resident firewall
__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
A. Traffic padding
B. Traffic control
C. Traffic routing
D. Traffic integrity
Windows allows the system user to enable auditing in _______ different categories.
A. five
B. seven
C. nine
D. eleven
_________ are analogous to a burglar guessing a safe combination by observing how
long it takes to turn the dial from number to number.
A. Digital standards
B. Mathematical attacks
C. Ciphers
D. Timing attacks
Implementing the risk treatment plan is part of the ______ step.
A. check
B. act
C. do
D. plan
Bots starting from a given HTTP link and then following all links on the provided Web
site in a recursive way is called _______.
A. trailing
B. spidering
C. spoofing
D. crowding
A consequence of a buffer overflow error is __________ .
A. corruption of data used by the program
B. unexpected transfer of control in the program
C. possible memory access violation
D. all of the above
A __________ uses macro or scripting code, typically embedded in a document and
triggered when the document is viewed or edited, to run and replicate itself into other
such documents.
A. boot sector infector
B. file infector
C. macro virus
D. multipartite virus
A __________ attack is a bot attack on a computer system or network that causes a loss
of service to users.
A. spam
B. phishing
C. DDoS
D. sniff
The intent of the ________ is to provide a clear overview of how an organization's IT
infrastructure supports its overall business objectives.
A. risk register
B. corporate security policy
C. vulnerability source
D. threat assessment
The exact substitutions and transformations performed by the algorithm depend on the
________.
A. ciphertext
B. decryption algorithm
C. secret key
D. encryption algorithm
A ________ is a key used between entities for the purpose of distributing session keys.
A. permanent key
B. session key
C. distribution key
D. all of the above
_________ is assurance that a system deserves to be trusted such that the trust can be
guaranteed in some convincing way such as through formal analysis or code review.
A. TCB
B. Trustworthiness
C. Trusted computing
D. TPM
_____ strengthens the protection of copyrighted materials in digital format.
A. HIPPA
B. DMCA
C. WIPO
D. DRM
___________ scan critical system files, directories, and services to ensure they have not
been changed without proper authorization.
A. Intrusion prevention systems
B. System integrity verification tools
C. Log analysis tools
D. Network and host intrusion detection systems
______ is the process of retaining copies of data over extended periods of time, being
months or years, in order to meet legal and operational requirements to access past data.
Cryptographic systems are generically classified by _________.
A. the type of operations used for transforming plaintext to ciphertext
B. the number of keys used
C. the way in which the plaintext is processed
D. all of the above
An integer value unique within the issuing CA that is unambiguously associated with
the certificate is the ________.
A. issuer name
B. subject's public-key information
C. issuer unique identifier
D. serial number
_________ control controls how particular services are used.
A. Service
B. Behavior
C. User
D. Direction
A __________ is created by using a secure hash function to generate a hash value for a
message and then encrypting the hash code with a private key.
A. digital signature
B. keystream
C. one way hash function
D. secret key
A _______ for an invention is the grant of a property right to the inventor.
A. patent
B. copyright
C. trademark
D. claim
"An individual (or role) may grant to another individual (or role) access to a document
based on the owner's discretion, constrained by the MAC rules" describes the
_________.
A. ss-property
B. ds-property
C. *-property
D. cc-property
TCP uses the _______ to establish a connection.
A. zombie
B. SYN cookie
C. directed broadcast
D. three-way handshake
The ________ function consists of encrypted content of any type and encrypted-content
encryption keys for one or more recipients.
A. clear-signed data
B. signed data
C. enveloped data
D. signed and enveloped data
________ assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.
A. System Integrity
C. Data Integrity
B. Availability
D. Confidentiality
The original message or data that is fed into the algorithm is __________.
A. encryption algorithm
B. secret key
C. decryption algorithm
D. plaintext
A stead reduction in memory available on the heap to the point where it is completely
exhausted is known as a ________.
A. fuzzing
B. deadlock
C. memory injection
D. memory leak
Some form of protocol is needed for public-key distribution.
All UNIX implementations will have the same variants of the syslog facility.
For information systems, the role of logical security is to protect the physical assets that
support the storage and processing of information.
An access right describes the way in which a subject may access an object.
The principal problems associated with employee behavior are errors and omissions,
_______, and actions by disgruntled employees.
__________ protocols operate in networking devices, such as a router or firewall, and
will encrypt and compress all traffic going into the WAN and decrypt and uncompress
traffic coming from the WAN.
All controls are applicable to all technologies.
The final step in the process of initially securing the base operating system is ________.
"Each block of 64 plaintext bits is encoded independently using the same key" is a
description of the CBC mode of operation.
An entire database such as a financial or personnel database cannot be maintained on a
server with other files and still be classified as confidential or restricted.
The strength of a hash function against brute-force attacks depends solely on the length
of the hash code produced by the algorithm.
A ___________ makes use of both signature and anomaly detection techniques to
identify attacks.
In a generic identity management architecture a ________ is an identity holder.
Organizational security objectives identify what IT security outcomes should be
achieved.
The major advantage of ________ is its simplicity and its freedom from assumptions
about the expected input to any program, service, or function.
Physical security must also prevent any type of physical access or intrusion that can
compromise logical security.
Water damage protection is included in security controls.
Security awareness, training, and education programs may be needed to comply with
regulations and contractual obligations.
The broad classes of intruders are: cyber criminals, state-sponsored organizations,
_________ , and others.
