__A__ 1. Regarding access control, a(n) ____ is a specific resource, such as a file or a hardware device.
a. object c. operation
b. subject d. asset
__B__ 2. Regarding access control, a(n) ____ is a user or a process functioning on behalf of the user who attempts to access an object.
a. object c. operation
b. subject d. asset
__C__ 3. Regarding access control, an example of a(n) ____ is when a user attempts to delete a file.
a. object c. operation
b. subject d. asset
__D__ 4. In the ____ model, the end user cannot implement, modify, or transfer any controls.
a. Discretionary Access Control (DAC) c. Rule Based Access Control (RBAC)
b. Role Based Access Control (RBAC) d. Mandatory Access Control (MAC)
__B__ 5. With the ____ model a subject has total control over any objects that he or she owns, along with the programs that are associated with those objects.
a. RBAC c. RuBAC
b. DAC d. MAC
__D__ 6. The ____ model is considered a more “real world” approach than the other models to structuring access control.
a. Discretionary Access Control (DAC) c. Mandatory Access Control (MAC)
b. Rule Based Access Control (RBAC) d. Role Based Access Control (RBAC)
__C__ 7. The ____ model can dynamically assign roles to subjects based on a set of rules defined by a custodian.
a. Discretionary Access Control (DAC) c. Rule Based Access Control (RBAC)
b. Role Based Access Control (RBAC) d. Mandatory Access Control (MAC)
__A__ 8. Known as ____, this practice requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals.
a. separation of duties c. least privilege
b. job rotation d. implicit deny
__D__ 9. The principle of ____ in access control means that each user should be given only the minimal amount of privileges necessary to perform his or her job function.
a. job rotation c. separation of duties
b. implicit deny d. least privilege
__A__ 10. ____ in access control means that if a condition is not explicitly met, then it is to be rejected.
a. Implicit deny c. least privilege
b. Separation of duties d. job rotation
__C__ 11. Generally a ____ is used to configure settings for systems that are not part of Active Directory.
a. Group Policy c. Local Group Policy
b. Group Policy Object d. Domain Group Policy
__B__ 12. ____ accounts are user accounts that remain active after an employee has left an organization.
a. Ghost c. Phantom
b. Orphaned d. Floating
__A__ 13. ____ is the process of setting a user’s account to expire.
a. Account expiration c. Account restriction
b. Time of day restriction d. Login expiration
__B__ 14. A ____ is a secret combination of letters and numbers that only the user knows.
a. badge c. RFID tag
b. password d. smartcard
__C__ 15. A ____ attack begins with the attacker creating hashes of common dictionary words, and compares those hashed dictionary words against those in a stolen password file.
a. birthday c. dictionary
b. brute force d. rainbow table
__D__ 16. ____ make password attacks easier by creating a large pregenerated data set of hashes from nearly every possible password combination.
a. Brute force attacks c. Birthday attacks
b. Dictionary attacks d. Rainbow tables
__B__ 17. To address the security issues in the LM hash, Microsoft introduced the ____ hash.
a. VLM c. ELM
b. NTLM d. NETLM
__D__ 18. A ____ lock, also known as the key-in-knob lock, is the easiest to use because it requires only a key for unlocking the door from the outside.
a. deadbolt c. tailgate
b. cipher d. preset
__C__ 19. Known as a ____ lock, this lock extends a solid metal bar into the door frame for extra security.
a. tailgate c. deadbolt
b. preset d. cipher
__A__ 20. ____ locks are combination locks that use buttons that must be pushed in the proper sequence to open the door.
a. Cipher c. Preset
b. Deadbolt d. Tailgate
__D__ 21. A ____ is a security device that monitors and controls two interlocking doors to a small room (a vestibule) that separates a nonsecured area from a secured area.
a. CCTV c. cipher lock
b. tailgate sensor d. mantrap
__B__ 22. ____ is the presentation of credentials or identification, typically performed when logging on to a system.
a. Authentication c. Authorization
b. Identification d. Access
__A__ 23. ____ is the verification of the credentials to ensure that they are genuine and not fabricated.
a. Authentication c. Authorization
b. Identification d. Access
__C__ 24. ____ is granting permission for admittance.
a. Authentication c. Authorization
b. Identification d. Access
__D__ 25. ____ is the right to use specific resources.
a. Authentication c. Authorization
b. Identification d. Access
__A__ 26. There are several types of OTPs. The most common type is a ____ OTP.
a. time-synchronized c. token-based
b. challenge-based d. biometric-based
__D__ 27. A ____ fingerprint scanner requires the user to place the entire thumb or finger on a small oval window on the scanner.
a. cognitive c. physical
b. dynamic d. static
__C__ 28. A ____ fingerprint scanner has a small slit or opening. Instead of placing the entire finger on the scanner the finger is swiped across the opening.
a. static c. dynamic
b. cognitive d. physical
__B__ 29. ____ time is the time it takes for a key to be pressed and then released.
a. Hit c. Flight
b. Dwell d. Type
__D__ 30. ____, such as using an OTP (what a person has) and a password (what a person knows), enhances security, particularly if different types of authentication methods are used.
a. Standard biometrics c. Cognitive biometrics
b. Federated identity management d. Two-factor authentication
__B__ 31. ____ requires that a user present three different types of authentication credentials.
a. Two-factor authentication c. Behavioral biometrics
b. Three-factor authentication d. Cognitive biometrics
__C__ 32. ____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy.
a. FMI c. Windows CardSpace
b. Windows Live ID d. OpenID
__A__ 33. ____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
a. OpenID c. .NET Passport
b. Windows CardSpace d. Windows Live ID
__B__ 34. ____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
a. RADIUS c. TACACS+
b. Kerberos d. LDAP
__A__ 35. ____ is an industry standard protocol specification that forwards username and password information to a centralized server.
a. TACACS+ c. RADIUS
b. LDAP d. Kerberos
__C__ 36. The International Organization for Standardization (ISO) created a standard for directory services known as ____.
a. X.400i c. X.500
b. X.459 d. X.589
__D__ 37. The ____, sometimes called X.500 Lite, is a simpler subset of DAP.
a. Kerberos c. TACACS+
b. RADIUS d. LDAP
__A__ 38. The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the ____.
a. EAP c. X.500
b. LDAP d. TACACS+
__D__ 39. ____ is a very basic authentication protocol that was used to authenticate a user to a remote access server or to an Internet service provider (ISP).
a. MS-CHAP c. EAP-TLS
b. EAP-MD5 d. PAP
__C__ 40. ____ refers to any combination of hardware and software that enables access to remote users to a local internal network.
a. LDAP c. RAS
b. EAP d. VPN
__B__ 41. A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network.
a. RAS c. EAP
b. VPN d. LDAP
__D__ 42. A(n) ____ is the end of the tunnel between VPN devices.
a. concentrator c. VPN server
b. demux d. endpoint
__B__ 43. In information security, a ____ is the likelihood that a threat agent will exploit a vulnerability.
a. hole c. risk
b. threat d. weakness
__A__ 44. ____ generally denotes a potential negative impact to an asset.
a. Risk c. Weakness
b. Threat d. Vulnerability
__B__ 45. The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
a. risk modeling c. weakness modeling
b. threat modeling d. vulnerability modeling
__D__ 46. Known as ____, this in effect takes a snapshot of the security of the organization as it now stands.
a. risk identification c. threat identification
b. risk mitigation d. vulnerability appraisal
__A__ 47. The ____ is the expected monetary loss every time a risk occurs.
a. Single Loss Expectancy (SLE) c. Asset Value (AV)
b. Exposure Factor (EF) d. Annualized Loss Expectancy (ALE)
__D__ 48. The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.
a. Single Loss Expectancy (SLE) c. Asset Value (AV)
b. Exposure Factor (EF) d. Annualized Loss Expectancy (ALE)
__B__ 49. In a ____, the risk is spread over all of the members of the pool.
a. retained risk c. joined risk
b. risk retention pool d. cooperative risk
__C__ 50. Identifying vulnerabilities through a(n) ____ determines the current security weaknesses that could expose assets to threats.
a. asset identification c. vulnerability appraisal
b. threat identification d. risk mitigation
__D__ 51. Most communication in TCP/IP involves the exchange of information between a program running on one device (known as a ____) and the same or a corresponding process running on another device.
a. port c. scanner
b. socket d. process
__C__ 52. TCP/IP uses a numeric value as an identifier to applications and services on the systems. These are known as the ____.
a. process c. port number
b. socket d. protocol
__B__ 53. ____ are typically used to determine the state of a port to know what applications are running and could be exploited.
a. Network scanners c. Port testers
b. Port scanners d. Network testers
__A__ 54. A(n) ____ port means that the application or service assigned to that port is listening.
a. open c. blocked
b. closed d. listening
__C__ 55. A(n) ____ port indicates that no process is listening at this port.
a. listening c. closed
b. open d. blocked
__A__ 56. A(n) ____ port means that the host system does not reply to any inquiries to this port number.
a. blocked c. open
b. closed d. listening
__B__ 57. ____ are software tools that can identify all the systems connected to a network.
a. Port scanners c. ICMP mappers
b. Network mappers d. ICMP scanners
__D__ 58. ____ provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices.
a. SNMP c. HTTP
b. SMTP d. ICMP
__A__ 59. The key feature of a protocol analyzer is that it places the computer’s network interface card (NIC) adapter into ____, meaning that NIC does not ignore packets intended for other systems and shows all network traffic.
a. promiscuous mode c. traffic mode
b. listening mode d. sniffing mode
__D__ 60. ____ is a generic term that refers to a range of products that look for vulnerabilities in networks or systems.
a. Port scanner c. Ping
b. Network mapper d. Vulnerability scanner
__B__ 61. ____ is a “common language” for the exchange of information regarding security vulnerabilities.
a. XML c. SQL
b. OVAL d. HTML
__C__ 62. ____ programs use the file of hashed passwords and then attempts to break the hashed passwords offline.
a. ICMP scanner c. Password cracker
b. Port scanner d. Network mapper
__D__ 63. ____ is a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities.
a. Vulnerability scanning c. Port scanning
b. Network mapping d. Penetration testing
__B__ 64. ____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations.
a. Privilege assignment c. Privilege auditing
b. Privilege management d. Privilege configuration
__C__ 65. The ____ is typically defined as the person responsible for the information, who determines the level of security needed for the data, and delegates security duties as required.
a. guardian c. owner
b. manager d. custodian
__A__ 66. The ____ is the individual to whom day-to-day actions have been assigned by the owner and who periodically reviews security settings and maintains records of access by end users.
a. custodian c. manager
b. guardian d. owner
__D__ 67. The Windows file and folder ____ permission allows files or folders to be opened as read-only and to be copied.
a. Write c. Modify
b. Read and Execute d. Read
__C__ 68. The Windows file and folder ____ permission allows the creation of files and folders, and allows data to be added to or removed from files.
a. Modify c. Write
b. Read and Execute d. Read
__D__ 69. The Microsoft ____ infrastructure is a mechanism to centrally configure and secure a common set of computer and user configurations and security settings to Windows servers, desktops, and users in an AD.
a. Security Template c. Auditing
b. Baseline d. Group Policy
__A__ 70. ____ is part of the pre-trial phase of a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena.
a. Discovery c. Interview
b. Interrogation d. Retention
__B__ 71. ILM strategies are typically recorded in ____ policies.
a. user security c. data confidentiality
b. storage and retention d. group
__D__ 72. ____ assigns a level of business importance, availability, sensitivity, security and regulation requirements to data.
a. Usage auditing c. Usage classification
b. Security auditing d. Data classification
__B__ 73. ____ means permissions given to a higher level “parent” will also be inherited by a lower level “child.”
a. Delegation c. Transition
b. Inheritance d. Classification
__A__ 74. ____ is the process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
a. Log management c. Event management
b. Log auditing d. Event auditing
__C__ 75. ____ servers are intermediate hosts through which Web sites are accessed.
a. NIDS c. Proxy
b. Authentication d. HIPS
__B__ 76. ____ logs can be used to determine whether new IP addresses are attempting to probe the network and if stronger firewall rules are necessary to block them.
a. Proxy servers c. Authentication servers
b. Firewall d. DNS
__C__ 77. A(n) ____ is an occurrence within a software system that is communicated to users or other programs outside the operating system.
a. thread c. event
b. entry d. call
__A__ 78. ____ are operational actions that are performed by the operating system, such as shutting down the system or starting a service.
a. System events c. System functions
b. System calls d. System processes
__D__ 79. Logs based on ____ are the second common type of security-related operating system logs.
a. event records c. event logs
b. system events d. audit records
__C__ 80. ____ refers to a methodology for making changes and keeping track of those changes, often manually.
a. Event auditing c. Change management
b. Event management d. Log management
__D__ 81. ____ monitoring is designed for detecting statistical anomalies.
a. Signature-based c. Time-based
b. Behavior-based d. Anomaly-based
__A__ 82. ____ monitoring compares activities against a predefined signature.
a. Signature-based c. Behavior-based
b. Anomaly-based d. Time-based
__B__ 83. A ____ baseline is a reference set of data established to create the “norm” of performance for a system or systems.
a. configuration c. system
b. performance d. monitoring
__D__ 84. A ____ monitor is typically a low-level system program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server, or even personal digital assistant (PDA) or cell phone.
a. performance c. behavior
b. baseline d. system
__A__ 85. Changing the original text to a secret message using cryptography is known as ____.
a. encryption c. ciphertext
b. decryption d. cleartext
__D__ 86. Data that is in an unencrypted form is called ____ data.
a. plaintext c. hidetext
b. caesartext d. cleartext
__C__ 87. ____, also called a one-way hash, is a process for creating a unique “signature” for a set of data.
a. Digital signing c. Hashing
b. Decrypting d. Encrypting
__B__ 88. ____ is a relatively recent cryptographic hash function that has received international recognition and adoption by standards organizations.
a. MD5 c. SHA-1
b. Whirlpool d. MD2
__D__ 89. Symmetric encryption is also called ____ key cryptography.
a. open c. public
b. close d. private
__B__ 90. The simplest type of stream cipher is a ____ cipher. It simply substitutes one letter or character for another.
a. transposition c. permutation
b. substitution d. homoalphabetic
__C__ 91. A ____ substitution cipher maps a single plaintext character to multiple ciphertext characters.
a. polyalphabetic c. homoalphabetic
b. monoalphabetic d. random
__A__ 92. A ____ cipher rearranges letters without changing them.
a. transposition c. substitution
b. monoalphabetic d. homoalphabetic
__B__ 93. A ____ cipher manipulates an entire block of plaintext at one time.
a. substitution c. stream
b. block d. transposition
__A__ 94. ____ was approved by the NIST in late 2000 as a replacement for DES.
a. AES c. Twofish
b. 3DES d. Blowfish
__C__ 95. ____ is a block cipher that processes blocks of 64 bits.
a. SHA-1 c. RC2
b. RC4 d. MD5
__D__ 96. The ____ algorithm dates back to the early 1990s and is used in European nations.
a. Blowfish c. RC4
b. Twofish d. IDEA
__A__ 97. ____ encryption uses two keys instead of one. These keys are mathematically related and are known as the public key and the private key.
a. Asymmetric c. Private
b. Symmetric d. Open
__D__ 98. The asymmetric algorithm ____ was published in 1977 and patented by MIT in 1983.
a. AES c. SHA
b. Diffie-Hellman d. RSA
__C__ 99. The strength of the ____ algorithm is that it allows two users to share a secret key securely over a public network.
a. DES c. Diffie-Hellman
b. RSA d. AES
__B__ 100. A similar program known as ____ is a PGP open-source product.
a. FreePGP c. PGPx
b. GPG d. PGPnix
__D__ 101. Microsoft’s ____ is a cryptography system for Windows operating systems that use the Windows NTFS file system.
a. GPG c. PGP
b. AES d. EFS
__B__ 102. Cryptography can also be applied to entire disks. This is known as ____ encryption.
a. symmetric c. file system
b. whole disk d. EFS
__C__ 103. To protect data stored on a hard drive, Microsoft Windows Vista includes ____ drive encryption.
a. IDEA c. BitLocker
b. TPM d. AES
__A__ 104. ____ is a hardware-enabled data encryption feature.
a. BitLocker c. AES
b. EFS d. DES
__B__ 105. ____ is essentially a chip on the motherboard of the computer that provides cryptographic services.
a. EFS c. BitLocker
b. TPM d. AES
__C__ 106. Some organizations set up a subordinate entity, called a ____, to handle some CA tasks such as processing certificate requests and authenticating users.
a. Remote Authority (RA) c. Registration Authority (RA)
b. Delegation Authority (DA) d. Handle Authority (HA)
__D__ 107. ____ digital certificates are issued by a CA or RA directly to individuals.
a. Server c. Single-sided
b. Software publisher d. Personal
__B__ 108. ____ digital certificates are often issued from a Web server to a client, although they can be distributed by any type of server, such as a mail server.
a. Software publisher c. Personal
b. Server d. Organizational
__A__ 109. When Bob sends one digital certificate to Alice along with his message, that is known as a ____ certificate.
a. single-sided c. dual-sided
b. software publisher d. server
__D__ 110. In one type of trust model, ____ trust, a relationship exists between two individuals because one person knows the other person.
a. indirect c. discrete
b. third party d. direct
__A__ 111. A(n) ____ trust refers to a situation in which two individuals trust each other because each trusts a third party.
a. third party c. indirect
b. direct d. discrete
__B__ 112. The ____ trust model assigns a single hierarchy with one master CA called the root.
a. web of c. direct
b. hierarchical d. third party
__C__ 113. The ____ trust model has multiple CAs that sign digital certificates.
a. direct c. distributed
b. web of d. hierarchical
__A__ 114. The ____ trust model is the basis for digital certificates issued by Internet users.
a. distributed c. direct
b. hierarchical d. web of
__C__ 115. With the ____ trust model, there is one CA that acts as a “facilitator” to interconnect all other CAs.
a. web of c. bridge
b. distributed d. hierarchical
__B__ 116. The ____ provides recommended baseline security requirements for the use and operation of CA, RA, and other PKI components.
a. certificate practice statement c. baseline policy
b. certificate policy d. CA policy
__D__ 117. A ____ describes in detail how the CA uses and manages certificates.
a. CA policy c. baseline policy
b. certificate policy d. certificate practice statement
__C__ 118. ____ refers to a situation in which keys are managed by a third party, such as a trusted CA.
a. Expiration c. Key escrow
b. Renewal d. Revocation
__D__ 119. ____ is used to connect to an FTP server, much in the same way that HTTP links to a Web server.
a. SSH c. SSL
b. PKCS d. FTP
__B__ 120. ____ is a protocol that guarantees privacy and data integrity between applications communicating over the Internet.
a. FTP c. HTTP
b. TLS d. CRL
__A__ 121. The TLS ____ Protocol allows authentication between the server and the client and the negotiation of an encryption algorithm and cryptographic keys before any actual data is transmitted.
a. Handshake c. Transport
b. Record d. Packing
__D__ 122. The TLS ____ Protocol is used to encapsulate higher-level protocols.
a. Packing c. Transport
b. Handshake d. Record
__A__ 123. ____ is actually a suite of three utilities—slogin, scp, and ssh—that are secure versions of the unsecure UNIX counterpart utilities rlogin, rcp, and rsh.
a. SSH c. SSL
b. TLS d. SFTP
__B__ 124. ____ is the most widely deployed tunneling protocol.
a. SSL c. TLS
b. PPTP d. NAS
__C__ 125. One variation of PPP that is used by broadband Internet providers with DSL or cable modem connections is ____.
a. TLS c. PPPoE
b. LCP d. PPTP
__C__ 126. One of the most common e-mail transport protocols is ____.
a. S/MIME c. TLS
b. SSL d. IPsec
__A__ 127. A Class ____ fire includes common combustibles.
a. A c. C
b. B d. D
__B__ 128. ____ systems spray the fire area with pressurized water.
a. Dry chemical c. Chemical agent
b. Water sprinkler d. Clean agent
__D__ 129. ____ systems disperse a fine, dry powder over the fire.
a. Clean agent c. Water sprinkler
b. Clean chemical d. Dry chemical
__C__ 130. ____ fire suppression systems do not harm people, documents, or electrical equipment in the room.
a. Water sprinkler c. Clean agent
b. Clean sprinkler d. Dry chemical
__B__ 131. In a(n) ____ server cluster, a standby server exists only to take over for another server in the event of its failure.
a. network c. redundant
b. asymmetric d. symmetric
__C__ 132. In a(n) ____ server cluster, every server in the cluster performs useful work. If one server fails, the remaining servers continue to perform their normal work as well as that of the failed server.
a. asymmetric c. symmetric
b. redundant d. network
__D__ 133. A system of hard drives based on redundancy can be achieved through using a technology known as ____, which uses multiple hard disk drives for increased reliability and performance.
a. MTBF c. ESD
b. VPN d. RAID
__A__ 134. ____ partitions the storage space of each hard drive into smaller sections, which can be as small as 512 bytes or as large as several megabytes.
a. Striping c. Duplexing
b. Mirroring d. Segmenting
__C__ 135. Disk ____ involves connecting multiple drives in the server to the same disk controller card.
a. segmenting c. mirroring
b. stripping d. duplexing
__A__ 136. Instead of having a single disk controller card that is attached to all hard drives, disk ____ has separate cards for each disk.
a. duplexing c. mirroring
b. segmenting d. stripping
__D__ 137. RAID Level 5 distributes ____ data (a type of error checking) across all drives instead of using a separate drive to hold the parity error checking information.
a. mirroring c. segmenting
b. stripping d. parity
__B__ 138. A(n) ____ UPS is always running off its battery while the main power runs the battery charger.
a. battery c. off-line
b. on-line d. mirroring
__A__ 139. A ____ site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity.
a. hot c. cold
b. warm d. cool
__B__ 140. A ____ site provides office space but the customer must provide and install all the equipment needed to continue operations.
a. cool c. warm
b. cold d. hot
__D__ 141. A ____ site has all of the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data.
a. cold c. cool
b. hot d. warm
__C__ 142. Backup software can internally designate which files have already been backed up by setting a(n) ____ in the properties of the file.
a. archive sector c. archive bit
b. backup bit d. backup sector
__A__ 143. The ____ is defined as the maximum length of time that an organization can tolerate between backups.
a. RPO c. D2D
b. RTO d. D2D2T
__C__ 144. The ____ is simply the length of time it will take to recover the data that has been backed up.
a. D2D2T c. RTO
b. RPO d. D2D
__D__ 145. An alternative to using magnetic tape is to back up to magnetic disk, such as a large hard drive or RAID configuration. This is known as ____.
a. RTO c. D2D2T
b. RPO d. D2D
__B__ 146. A solution that combines the best of magnetic tape and magnetic disk is ____. This technology uses the magnetic disk as a temporary storage area.
a. D2D c. RTO
b. D2D2T d. RPO
__C__ 147. ____ is the application of science to questions that are of interest to the legal profession.
a. Chain of custody c. Forensics
b. RTO d. RPO
__D__ 148. At its core, a(n) ____ policy is a document that outlines the protections that should be enacted to ensure that the organization’s assets face minimal risks.
a. safety c. change management
b. acceptable use d. security
__C__ 149. A ____ is a collection of requirements specific to the system or procedure that must be met by everyone.
a. recommendation c. standard
b. guideline d. policy
__A__ 150. A ____ is a collection of suggestions that should be implemented.
a. guideline c. policy
b. recommendation d. standard
__B__ 151. A ____ is a document that outlines specific requirements or rules that must be met.
a. standard c. guideline
b. policy d. recommendation
__C__ 152. ____ determines the items that have a positive economic value and may include data, hardware, personnel, physical assets, and software.
a. Risk assessment c. Asset identification
b. Threat identification d. Vulnerability appraisal
__B__ 153. ____ takes a snapshot of the security of the organization as it now stands.
a. Risk mitigation c. Risk assessment
b. Vulnerability appraisal d. Threat identification
__A__ 154. ____ involves determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
a. Risk assessment c. Vulnerability appraisal
b. Risk mitigation d. Asset identification
__D__ 155. A(n) ____ policy establishes guidelines for effectively reducing the threat of computer viruses on the organization’s network and computers.
a. acceptable encryption c. automated forwarded e-mail
b. dial-in access d. anti-virus
__B__ 156. A(n) ____ policy outlines the requirements and provides the authority for an information security team to conduct audits and risk assessments, investigate incidents, to ensure conformance to security policies, or to monitor user activity.
a. database credentials coding c. automatically forwarded e-mail
b. audit vulnerability scanning d. analog line
__D__ 157. A(n) ____ policy defines requirements for storing and retrieving database usernames and passwords.
a. analog line c. e-mail retention
b. dial-in access d. database credentials coding
__A__ 158. A(n) ____ policy helps employees determine what information sent or received by e-mail should be retained and for how long.
a. e-mail retention c. router security
b. extranet d. information sensitivity
__C__ 159. A(n) ____ policy establishes requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization’s network.
a. extranet c. VPN security
b. server security d. demilitarized zone security
__D__ 160. Many organizations have a ____ policy that outlines how the organization uses personal information it collects.
a. security-related human resource c. disposal and destruction
b. password management and complexity d. personally identifiable information
__C__ 161. Most organizations have a ____ policy that addresses the disposal of resources that are considered confidential.
a. security-related human resource c. disposal and destruction
b. password management and complexity d. personally identifiable information
__A__ 162. A ____ policy is designed to produce a standardized framework for classifying information assets.
a. classification of information c. service level agreement
b. change management d. disposal and destruction
__B__ 163. ____ refers to a methodology for making changes and keeping track of those changes, often manually.
a. Classification of information c. Destruction and disposal
b. Change management d. Service level agreement
__C__ 164. ____ are a person’s fundamental beliefs and principles used to define what is good, right, and just.
a. Norms c. Values
b. Morals d. Ethics
__B__ 165. ____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.
a. Ethics c. Codes
b. Morals d. Norms
__A__ 166. ____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments.
a. Ethics c. Values
b. Codes d. Morals
__D__ 167. ____ relies on tricking and deceiving someone to provide secure information.
a. Worm c. Trojan horse
b. Virus d. Social engineering
__B__ 168. One of the most common forms of social engineering is ____, or sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
a. dumpster diving c. computer hoax
b. phishing d. pharming
No comments:
Post a Comment