Internet and Network Security Final Exam rd Book used: Principles of Information Security 3 Edition, Whitman & Mattord,

2009

Question 1
2 out of 2 points

Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs.
Answer Selected Answer:

LFM

Question 2
2 out of 2 points

In most common implementation models, the content filter has two components: ____.
Answer Selected Answer:

rating and filtering

Question 3
2 out of 2 points

____ are software programs that hide their true nature, and reveal their designed behavior only when activated.
Answer Selected Answer:

Trojan horses

Question 4
2 out of 2 points

The ____ is a methodology for the design and implementation of an information system in an organization.
Answer Selected Answer:

SDLC

Question 5
2 out of 2 points

The transfer of large batches of data to an off-site facility is called ____.

electronic vaulting

Question 6
2 out of 2 points

The most sophisticated locks are ____.

biometric

Question 7
2 out of 2 points

The ____ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems.
Answer Selected Answer:

Systems

Question 8
2 out of 2 points

____ is the validation of a supplicant's identity.

Authentication

Question 9
2 out of 2 points

The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by the Internet Society and the ____.
Answer Selected Answer:

IETF

Question 10
2 out of 2 points

The most successful kind of top-down approach involves a formal development strategy referred to as a(n) ____.
Answer Selected Answer:

systems development life cycle

Question 11
2 out of 2 points

Which of the following ports is commonly used for the HTTP protocol?
Answer Selected Answer:

80

Question 12
2 out of 2 points

The first phase in the development of the contingency plan process is the development of a(n) ____.
Answer Selected Answer:

BIA

Question 13
2 out of 2 points

Criminal or unethical ____ goes to the state of mind of the individual performing the act.
Answer Selected Answer:

intent

Question 14
2 out of 2 points

The ____ vulnerability assessment process is designed to find and document selected vulnerabilities that are likely to be present on the internal network of the organization.
Answer Selected Answer:

Intranet

Question 15
2 out of 2 points

GIAC also has a managerial certification, the ____.

GISO

Question 16
2 out of 2 points

A computer is the ____ of an attack when it is used to conduct the attack.

subject

Question 17
2 out of 2 points

The concept of competitive ____ refers to the need to avoid falling behind the competition.
Answer Selected Answer:

disadvantage

Question 18
2 out of 2 points

____ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.
Answer Selected Answer:

Correlation

Question 19
2 out of 2 points

____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
Answer Selected Answer:

NIDPSs

Question 20
2 out of 2 points

There are individuals who search trash and recycling - a practice known as ____ - to retrieve information that could embarrass a company or compromise information security.
Answer Selected Answer:

dumpster diving

Question 21
2 out of 2 points

____ is the origin of today's Internet.

ARPANET

Question 22
2 out of 2 points

The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.
Answer Selected Answer:

wrap-up

Question 23
2 out of 2 points

____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied are developed and installed.
Answer Selected Answer:

Static

Question 24
2 out of 2 points

____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
Answer Selected Answer:

Zombies

Question 25
2 out of 2 points

____ law represents a wide variety of laws that govern a nation or state.
Answer Selected Answer:

Civil

Question 26
2 out of 2 points

____ was developed by Phil Zimmermann and uses the IDEA Cipher for message encoding.
Answer Selected Answer:

PGP

Question 27
2 out of 2 points

The ____ is essentially a one-way hash value that is encrypted with a symmetric key.
Answer Selected Answer:

MAC

Question 28
2 out of 2 points

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
Answer Selected Answer:

CISO

Question 29
2 out of 2 points

____ of information is the quality or state of being genuine or original.

Selected Answer:

Authenticity

Question 30
2 out of 2 points

The ____ program focuses more on authentication, including biometrics and PKI.
Answer Selected Answer:

SCNA

Question 31
2 out of 2 points

When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.
Answer Selected Answer:

standard of due care

Question 32
2 out of 2 points

The steps of the Internet vulnerability assessment include ____, which is when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.
Answer Selected Answer:

scanning

Question 33
2 out of 2 points

The probability of a threat occurring is usually a loosely derived table indicating the probability of an attack from each threat type within a given time frame. This value is commonly referred to as the ____.
Answer Selected Answer:

ARO

Question 34
2 out of 2 points

____ defines stiffer penalties for prosecution of terrorist crimes.

U.S.A. Patriot Act

Question 35
2 out of 2 points

The ____ Portability and Accountability Act Of 1996, also known as the KennedyKassebaum Act, is an attempt to protect the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange.
Answer Selected Answer:

Health Insurance

Question 36
2 out of 2 points

Many organizations use a(n) ____ interview to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback on the employee's tenure in the organization.
Answer Selected Answer:

exit

Question 37
2 out of 2 points

____ is designed to prevent abuse of information gained by an individual working in one company and employed by another.
Answer Selected Answer:

Economic Espionage Act

Question 38
2 out of 2 points

____ addresses are sometimes called electronic serial numbers or hardware addresses.
Answer Selected Answer:

MAC

Question 39
2 out of 2 points

A(n) ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
Answer Selected Answer:

distributed denial-of-service

Question 40
2 out of 2 points

In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.

Answer Selected Answer:

confidential

Question 41
2 out of 2 points

NIDPSs must look for attack patterns by comparing measured activity to known ____ in their knowledge base.
Answer Selected Answer:

signatures

Question 42
2 out of 2 points

An alert ____ is a document containing contact information for the individuals to be notified in the event of an incident.
Answer Selected Answer:

roster

Question 43
2 out of 2 points

One of the leading causes of damage to sensitive circuitry is ____.

ESD

Question 44
2 out of 2 points

A ____ site provides only rudimentary services and facilities.

cold

Question 45
2 out of 2 points

In the ____ process, measured results are compared to expected results.

negative feedback loop

Question 46
2 out of 2 points

The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related

federal laws and enforcement efforts.

Fraud

Question 47
2 out of 2 points

____ are decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves.
Answer Selected Answer:

Honey pots

Question 48
2 out of 2 points

____ are encrypted messages that can be mathematically proven to be authentic.

Digital signatures

Question 49
2 out of 2 points

____ is used to respond to network change requests and network architectural design proposals.
Answer Selected Answer:

Network connectivity RA

Question 50
2 out of 2 points

There are ____ major processing-mode categories of firewalls.

five