chapter 1-5
DESCRIPTION
principles of information security exam1 review
TRANSCRIPT
5/14/2018 chapter 1-5 - slidepdf.com
http://slidepdf.com/reader/full/chapter-1-5-55a757a8bc183 1/31
Review Test Submission: Assignment 1
Content
User stephen saan-ire
Course CIS280_01_SP12
Test Assignment 1
Started 1/18/12 7:52 PM
Submitted 1/18/12 8:42 PM
Status Completed
Score 100 out of 100 points
Time Elapsed 49 minutes out of 1 hour and 15 minutes.
Instructions
Question 1
4 out of 4 points
____ presents a comprehensive information security model and has become a widely
accepted evaluation standard for the security of information systems.
Answer
Selected Answer: a.
NSTISSI No. 4011
Question 2
4 out of 4 points
The ____ model consists of six general phases.
Answer
Selected Answer: c.
waterfall
Question 3
4 out of 4 points
A(n) ____ attack is a hacker using a personal computer to break into a system.
Answer
Selected Answer: d.
direct
Question 4
4 out of 4 points
Information security can be an absolute.
Answer
Selected Answer: False
Question 5
4 out of 4 points
____ was the first operating system to integrate security as its core functions.
Answer
Selected Answer: b.
MULTICS
Question 6
4 out of 4 points
The value of information comes from the characteristics it possesses.
Answer
Selected Answer: True
Question 7
4 out of 4 points
____ is the predecessor to the Internet.
Answer
Selected Answer: c.
ARPANET
Question 8
4 out of 4 points
A famous study entitled “Protection Analysis: Final Report” was published in ____.
Answer
Selected Answer: b.
1978
Question 9
4 out of 4 points
The most successful kind of top-down approach involves a formal development strategy
referred to as a ____.
Answer
Selected Answer: a.
systems development life cycle
Question 10
4 out of 4 points
Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss.
____ dictates what steps are taken when an attack occurs.
Answer
Selected Answer: a.
Incident response
Question 11
4 out of 4 points
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.
Answer
Selected Answer: a.
hash
Question 12
4 out of 4 points
____ of information is the quality or state of being genuine or original.
Answer
Selected Answer: d.
Authenticity
Question 13
4 out of 4 points
Organizations are moving toward more ____-focused development approaches, seeking to
improve not only the functionality of the systems they have in place, but consumer
confidence in their product.
Answer
Selected Answer: b.
security
Question 14
4 out of 4 points
____ security addresses the issues necessary to protect the tangible items, objects, or areas
of an organization from unauthorized access and misuse.
Answer
Selected Answer: b.
Physical
Question 15
4 out of 4 points
The primary threats to security during the early years of computers were physical theft of equipment, espionage against the products of the systems, and sabotage.
Answer
Selected Answer: True
Question 16
4 out of 4 points
The physical design is the blueprint for the desired solution.
Answer
Selected Answer: False
Question 17
4 out of 4 points
An information system is the entire set of ____, people, procedures, and networks that
make possible the use of information resources in the organization.
Answer
Selected Answer: d.
All of the above
Question 18
4 out of 4 points
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
Answer
Selected Answer: d.
system administrators
Question 19
4 out of 4 points
During the ____ phase, specific technologies are selected to support the alternatives
identified and evaluated in the logical design.
Answer
Selected Answer: b.
physical design
Question 20
4 out of 4 points
A computer is the ____ of an attack when it is used to conduct the attack.
Answer
Selected Answer: a.
subject
Question 21
4 out of 4 points
Which of the following is a valid type of data ownership?
Answer
Selected Answer: d.
All of the above
Question 22
4 out of 4 points
The ____ is a methodology for the design and implementation of an information system in
an organization.
Answer
Selected Answer: a.
SDLC
Question 23
4 out of 4 points
The roles of information security professionals are aligned with the goals and mission of
the information security community of interest.
Answer
Selected Answer: True
Question 24
4 out of 4 points
Which of the following phases is the longest and most expensive phase of the systems development life cycle?
Answer
Selected Answer: d.
maintenance and change
Question 25
4 out of 4 points
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
Answer
Selected Answer: b.
CISO
Wednesday, January 18, 2012 8:42:10 PM CST
OK
Review Test Submission: Assignment 2
Content
User stephen saan-ire
Course CIS280_01_SP12
Test Assignment 2
Started 1/14/12 4:43 PM
Submitted 1/14/12 5:27 PM
Status Completed
Score 100 out of 100 points
Time Elapsed 44 minutes out of 1 hour and 15 minutes.
Instructions
Question 1
4 out of 4 points
____ is any technology that aids in gathering information about a person or organization without
their knowledge.
Answer
Selected Answer: a.
Spyware
Question 2
4 out of 4 points
Web hosting services are usually arranged with an agreement providing minimum service levels
known as a(n) ____.
Answer
Selected Answer: d.
SLA
Question 3
4 out of 4 points
Complete loss of power for a moment is known as a ____.
Answer
Selected Answer: d.
fault
Question 4
4 out of 4 points
According to Mark Pollitt, ____ is the premeditated, politically motivated attacks against
information, computer systems, computer programs, and data which result in violence against
noncombatant targets by subnational groups or clandestine agents.
Answer
Selected Answer: b.
cyberterrorism
Question 5
4 out of 4 points
In a ____ attack, the attacker sends a large number of connection or information requests to a
target.
Answer
Selected Answer: a.
denial-of-service
Question 6
4 out of 4 points
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network,
modifies them, and inserts them back into the network.
Answer
Selected Answer: a.
man-in-the-middle
Question 7
4 out of 4 points
Which of the following functions does information security perform for an organization?
Answer
Selected Answer: d.
All of the above
Question 8
4 out of 4 points
____ is an integrated system of software, encryption methodologies, and legal agreements that
can be used to support the entire information infrastructure of an organization.
Answer
Selected Answer: d.
PKI
Question 9
4 out of 4 points
____ are machines that are directed remotely (usually by a transmitted command) by the
attacker to participate in an attack.
Answer
Selected Answer: a.
Zombies
Question 10
4 out of 4 points
“4-1-9” fraud is an example of a ____ attack.
Answer
Selected Answer: c.
social engineering
Question 11
4 out of 4 points
The ____ data file contains the hashed representation of the user’s password.
Answer
Selected Answer: d.
SAM
Question 12
4 out of 4 points
Information security safeguards the technology assets in use at the organization.
Answer
Selected Answer: True
Question 13
4 out of 4 points
There are generally two skill levels among hackers: expert and ____.
Answer
Selected Answer: a.
Novice
Question 14
4 out of 4 points
A number of technical mechanisms—digital watermarks and embedded code, copyright codes,
and even the intentional placement of bad sectors on software media—have been used to
enforce copyright laws.
Answer
Selected Answer: True
Question 15
4 out of 4 points
A ____ is an attack in which a coordinated stream of requests is launched against a target from
many locations at the same time.
Answer
Selected Answer: d.
distributed denial-of-service
Question 16
4 out of 4 points
Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to
enter premises or systems they have not been authorized to enter.
Answer
Selected Answer: a.
trespass
Question 17
4 out of 4 points
As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus
____.
Answer
Selected Answer: b.
hoaxes
Question 18
4 out of 4 points
____ are software programs that hide their true nature, and reveal their designed behavior only
when activated.
Answer
Selected Answer: c.
Trojan horses
Question 19
4 out of 4 points
Which of the following is an example of a Trojan horse program?
Answer
Selected Answer: b.
Happy99.exe
Question 20
4 out of 4 points
The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on
the network.
Answer
Selected Answer: c.
TCP
Question 21
4 out of 4 points
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is
longer than ____ characters in Internet Explorer 4.0, the browser will crash.
Answer
Selected Answer: c.
256
Question 22
4 out of 4 points
Forces of nature, force majeure, or acts of God can present some of the most dangerous threats,
because they usually occur with very little warning and are beyond the control of people.
Answer
Selected Answer: True
Question 23
4 out of 4 points
Information security’s primary mission is to ensure that systems and their contents retain their
confidentiality at all costs.
Answer
Selected Answer: False
Question 24
4 out of 4 points
One form of online vandalism is ____ operations, which interfere with or disrupt systems to
protest the operations, policies, or actions of an organization or government agency.
Answer
Selected Answer: b.
hacktivist
Question 25
4 out of 4 points
A sniffer program shows all the data going by on a network segment including passwords, the
data inside files—such as word-processing documents—and screens full of sensitive data from
applications.
Answer
Selected Answer: True
Saturday, January 14, 2012 5:27:39 PM CST
OK
Review Test Submission: Assignment 3
Content
User stephen saan-ire
Course CIS280_01_SP12
Test Assignment 3
Started 1/15/12 7:09 PM
Submitted 1/15/12 7:55 PM
Status Completed
Score 100 out of 100 points
Time Elapsed 46 minutes out of 1 hour and 15 minutes.
Instructions
Question 1
4 out of 4 points
Which of the following countries reported generally intolerant attitudes toward personal use of
organizational computing resources?
Answer
Selected Answer: c.
Singapore
Question 2
4 out of 4 points
What is the subject of the Computer Security Act?
Answer
Selected Answer: c.
Federal Agency Information Security
Question 3
4 out of 4 points
Which of the following acts is also widely known as the Gramm-Leach-Bliley Act?
Answer
Selected Answer: d.
Financial Services Modernization Act
Question 4
4 out of 4 points
What is the subject of the Sarbanes-Oxley Act?
Answer
Selected Answer: a.
Financial Reporting
Question 5
4 out of 4 points
The ____ of 1999 provides guidance on the use of encryption and provides protection from
government intervention.
Answer
Selected Answer: b.
Security and Freedom through Encryption Act
Question 6
4 out of 4 points
The Information Systems Security Association (ISSA) is a nonprofit society of information security
professionals whose primary mission is to bring together qualified information security
practitioners for information exchange and educational development.
Answer
Selected Answer: True
Question 7
4 out of 4 points
The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal
laws and enforcement efforts.
Answer
Selected Answer: a.
Fraud
Question 8
4 out of 4 points
The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act,
protects the confidentiality and security of health care data by establishing and enforcing
standards and by standardizing electronic data interchange.
Answer
Selected Answer: b.
Health Insurance
Question 9
4 out of 4 points
According to the National Information Infrastructure Protection Act of 1996, the severity of the
penalty for computer crimes depends on the value of the information obtained and whether the
offense is judged to have been committed for each of the following except ____.
Answer
Selected Answer: b.
to harass
Question 10
4 out of 4 points
The National Information Infrastructure Protection Act of 1996 modified which Act?
Answer
Selected Answer: a.
Computer Fraud and Abuse Act
Question 11
4 out of 4 points
Criminal or unethical ____ goes to the state of mind of the individual performing the act.
Answer
Selected Answer: b.
intent
Question 12
4 out of 4 points
The Privacy of Customer Information Section of the common carrier regulation states that any
proprietary information shall be used explicitly for providing services, and not for any ____
purposes.
Answer
Selected Answer: c.
marketing
Question 13
4 out of 4 points
____ attempts to prevent trade secrets from being illegally shared.
Answer
Selected Answer: a.
Economic Espionage Act
Question 14
4 out of 4 points
Individuals with authorization and privileges to manage information within the organization are
most likely to cause harm or damage ____.
Answer
Selected Answer: a.
by accident
Question 15
4 out of 4 points
Which of the following acts defines and formalizes laws to counter threats from computer-related acts and offenses?
Answer
Selected Answer: c.
Computer Fraud and Abuse Act
Question 16
4 out of 4 points
The NSA is responsible for signal intelligence and information system security.
Answer
Selected Answer: True
Question 17
4 out of 4 points
____ law comprises a wide variety of laws that govern a nation or state.
Answer
Selected Answer: b.
Civil
Question 18
4 out of 4 points
Laws and policies and their associated penalties only deter if which of the following conditions is
present?
Answer
Selected Answer: d.
All of the above
Question 19
4 out of 4 points
____ defines stiffer penalties for prosecution of terrorist crimes.
Answer
Selected Answer: a.
USA Patriot Act
Question 20
4 out of 4 points
____ law regulates the structure and administration of government agencies and their
relationships with citizens, employees, and other governments.
Answer
Selected Answer: b.
Public
Question 21
4 out of 4 points
The Secret Service is charged with the detection and arrest of any person committing a United
States federal offense relating to computer fraud and false identification crimes.
Answer
Selected Answer: True
Question 22
4 out of 4 points
The Department of Homeland Security is the only U.S. federal agency charged with the protection
of American information resources and the investigation of threats to, or attacks on, the
resources.
Answer
Selected Answer: False
Question 23
4 out of 4 points
The Council of Europe adopted the Convention of CyberCrime in ____.
Answer
Selected Answer: d.
2001
Question 24
4 out of 4 points
Established in January 2001, the National InfraGard Program began as a cooperative effort
between the FBI’s Cleveland Field Office and local technology professionals.
Answer
Selected Answer: True
Question 25
4 out of 4 points
Which of the following acts is a collection of statutes that regulate the interception of wire,
electronic, and oral communications?
Answer
Selected Answer: d.
Electronic Communications Privacy Act
Sunday, January 15, 2012 7:55:56 PM CST
OK
Review Test Submission: Assignment 4
Content
User stephen saan-ire
Course CIS280_01_SP12
Test Assignment 4
Started 1/29/12 3:30 PM
Submitted 1/29/12 4:21 PM
Status Completed
Score 100 out of 100 points
Time Elapsed 50 minutes out of 1 hour and 15 minutes.
Instructions
Question 1
4 out of 4 points
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the
outcome of its exploitation.
Answer
Selected Answer: a.
accept control
Question 2
4 out of 4 points
____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization’s stakeholders.
Answer
Selected Answer: b.
Operational
Question 3
4 out of 4 points
When organizations adopt levels of security for a legal defense, they may need to show
that they have done what any prudent organization would do in similar circumstances.
This is referred to as a(n) ____.
Answer
Selected Answer: a.
standard of due care
Question 4
4 out of 4 points
The concept of competitive ____ refers to falling behind the competition.
Answer
Selected Answer: b.
disadvantage
Question 5
4 out of 4 points
In a(n) _____, each information asset is assigned a score for each of a set of assigned critical factors.
Answer
Selected Answer: b.
weighted factor analysis
Question 6
4 out of 4 points
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Answer
Selected Answer: d.
transfer control
Question 7
4 out of 4 points
The first phase of risk management is ____.
Answer
Selected Answer: c.
risk identification
Question 8
4 out of 4 points
The ____ security policy is an executive-level document that outlines the organization’s
approach and attitude towards information security and relates the strategic value of
information security within the organization.
Answer
Selected Answer: d.
general
Question 9
4 out of 4 points
There are individuals who search trash and recycling — a practice known as ____ — to
retrieve information that could embarrass a company or compromise information security.
Answer
Selected Answer: b.
dumpster diving
Question 10
4 out of 4 points
____ equals likelihood of vulnerability occurrence times value (or impact) minus
percentage risk already controlled plus an element of uncertainty.
Answer
Selected Answer: b.
Risk
Question 11
4 out of 4 points
Risk ____ defines the quantity and nature of risk that organizations are willing to accept
as they evaluate the tradeoffs between perfect security and unlimited accessibility.
Answer
Selected Answer: d.
appetite
Question 12
4 out of 4 points
The actions an organization can and perhaps should take while an incident is in progress
should be specified in a document called the ____ plan.
Answer
Selected Answer: a.
IR
Question 13
4 out of 4 points
The ____ security policy is a planning document that outlines the process of implementing security in the organization.
Answer
Selected Answer: d.
program
Question 14
4 out of 4 points
____ plans usually include all preparations for the recovery process, strategies to limit
losses during the disaster, and detailed steps to follow when the smoke clears, the dust
settles, or the floodwaters recede.
Answer
Selected Answer: b.
DR
Question 15
4 out of 4 points
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.
Answer
Selected Answer: a.
CBA
Question 16
4 out of 4 points
In the U.S. military classification scheme, ____ data is any information or material the
unauthorized disclosure of which reasonably could be expected to cause damage to the
national security.
Answer
Selected Answer: b.
confidential
Question 17
4 out of 4 points
____ policies address the particular use of certain systems.
Answer
Selected Answer: c.
Systems-specific
Question 18
4 out of 4 points
The ____ strategy attempts to prevent the exploitation of the vulnerability.
Answer
Selected Answer: a.
defend control
Question 19
4 out of 4 points
____ addresses are sometimes called electronic serial numbers or hardware addresses.
Answer
Selected Answer: c.
MAC
Question 20
4 out of 4 points
Risk ____ is the application of controls to reduce the risks to an organization’s data and
information systems.
Answer
Selected Answer: d.
control
Question 21
4 out of 4 points
A(n) ____ is an authorization issued by an organization for the repair, modification, or
update of a piece of equipment.
Answer
Selected Answer: c.
FCO
Question 22
4 out of 4 points
The military uses a _____-level classification scheme.
Answer
Selected Answer: c.
five
Question 23
4 out of 4 points
____ is simply how often you expect a specific type of attack to occur.
Answer
Selected Answer: a.
ARO
Question 24
4 out of 4 points
Management of classified data includes its storage and ____.
Answer
Selected Answer: d.
All of the above
Question 25
4 out of 4 points
Many corporations use a ____ to help secure the confidentiality and integrity of
information.
Answer
Selected Answer: c.
data classification scheme
Sunday, January 29, 2012 4:21:27 PM CST
OK
Review Test Submission: Assignment 5
Content
User stephen saan-ire
Course CIS280_01_SP12
Test Assignment 5
Started 2/8/12 9:57 PM
Submitted 2/8/12 10:50 PM
Status Completed
Score 100 out of 100 points
Time Elapsed 52 minutes out of 1 hour and 15 minutes.
Instructions
Question 1
4 out of 4 points
The first phase in the development of the contingency planning process is the ____.
Answer
Selected Answer: b.
BIA
Question 2
4 out of 4 points
Standards may be published, scrutinized, and ratified by a group, as in formal or ____ standards.
Answer
Selected Answer: a.
de jure
Question 3
4 out of 4 points
The ____ is based on and directly supports the mission, vision, and direction of the
organization and sets the strategic direction, scope, and tone for all security efforts.
Answer
Selected Answer: a.
EISP
Question 4
4 out of 4 points
____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity
based on previous baselines.
Answer
Selected Answer: c.
Network
Question 5
4 out of 4 points
RAID ____ drives can be hot swapped.
Answer
Selected Answer: d.
5
Question 6
4 out of 4 points
The spheres of ____ are the foundation of the security framework and illustrate how
information is under attack from a variety of sources.
Answer
Selected Answer: b.
security
Question 7
4 out of 4 points
Redundancy can be implemented at a number of points throughout the security
architecture, such as in ____.
Answer
Selected Answer: d.
All of the above
Question 8
4 out of 4 points
The transfer of large batches of data to an off-site facility is called ____.
Answer
Selected Answer: c.
electronic vaulting
Question 9
4 out of 4 points
The SETA program is the responsibility of the ____ and is a control measure designed to
reduce the incidences of accidental security breaches by employees.
Answer
Selected Answer: b.
CISO
Question 10
4 out of 4 points
An alert ____ is a document containing contact information for the people to be notified in
the event of an incident.
Answer
Selected Answer: d.
roster
Question 11
4 out of 4 points
What country adopted ISO/IEC 17799?
Answer
Selected Answer: d.
None of the above
Question 12
4 out of 4 points
____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
Answer
Selected Answer: d.
Managerial
Question 13
4 out of 4 points
Effective management includes planning and ____.
Answer
Selected Answer: d.
All of the above
Question 14
4 out of 4 points
____ controls address personnel security, physical security, and the protection of
production inputs and outputs.
Answer
Selected Answer: c.
Operational
Question 15
4 out of 4 points
A security ____ is an outline of the overall information security strategy for the
organization and a roadmap for planned changes to the information security environment
of the organization.
Answer
Selected Answer: c.
framework
Question 16
4 out of 4 points
Incident damage ____ is the rapid determination of the scope of the breach of the
confidentiality, integrity, and availability of information and information assets during or
just following an incident.
Answer
Selected Answer: b.
assessment
Question 17
4 out of 4 points
The Security Area Working Group acts as an advisory board for the protocols and areas
developed and promoted by the Internet Society and the ____.
Answer
Selected Answer: d.
IETF
Question 18
4 out of 4 points
A buffer against outside attacks is frequently referred to as a(n) ____.
Answer
Selected Answer: d.
DMZ
Question 19
4 out of 4 points
____ often function as standards or procedures to be used when configuring or maintaining
systems.
Answer
Selected Answer: d.
SysSPs
Question 20
4 out of 4 points
The stated purpose of ____ is to “give recommendations for information security
management for use by those who are responsible for initiating, implementing, or
maintaining security in their organization.”
Answer
Selected Answer: b.
ISO/IEC 27002
Question 21
4 out of 4 points
Strategic planning is the process of moving the organization towards its ____.
Answer
Selected Answer: b.
vision
Question 22
4 out of 4 points
A ____ site provides only rudimentary services and facilities.
Answer
Selected Answer: d.
cold
Question 23
4 out of 4 points
A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.
Answer
Selected Answer: c.
IR
Question 24
4 out of 4 points
Security ____ are the areas of trust within which users can freely communicate.
Answer
Selected Answer: d.
domains
Question 25
4 out of 4 points
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the
security team in the development of a security ____.
Answer
Selected Answer: a.
blueprint
Wednesday, February 8, 2012 10:50:16 PM CST
OK