IS3445 CHAP 15 WEB APPLICATION SECURITY ORGANIZATIONS, EDUCATION, TRAINING, AND CERTIFICATION

Question 1

___ are now normally higher level coordination bodies with wider responsibilities for vulnerability and attack research and issuing warning and vulnerability notices.

Answer 1

(CIRT) Computer incident response team

Question 2

___ is an all hours or on call group for an organization, corporation, or country designed to respond to online attacks or similar events. May also be called ISIRT.

Answer 2

(CSIRT) Computer security incident response team

Question 3

___ is the basic description of computer application and operating system vulnerability; run for the Department of Homeland Security by the MITRE Corporation.

Answer 3

(CVE) Common Vulnerabilities and Exposures list

Question 4

___ is a regularly updated US federal government project that sets a minimum security configuration for Microsoft Windows XP and Windows Vista computers that are used as general-purpose desktops.

Answer 4

(FDCC) Federal Desktop Core Configuration

Question 5

___ is a worldwide voluntary and collaborative body bringing together incident response teams and related organizations. It encourages rapid and secure communications between affected communities and allows in-confidence information sharing.

Answer 5

(FIRST) Forum of Incident Response and Security Teams

Question 6

___ is a carefully monitored system set up by security professionals to be attacked, so that attack sources and methods can be analyzed.

Answer 6

Honeypot

Question 7

___ is a nonprofit professional and certification body that provides related programs for information security professionals.

Answer 7

(ISC)2 International Information Systems Security Certification Consortium

Question 8

___ is the international standard for accrediting schemes that certify personal competences.

Answer 8

ISO 17024

Question 9

___ is a copyright or licensing system that, compared with conventional commercial licensing schemes, allows wide use and modification of the material.

Answer 9

Open source

Question 10

1. Which organization provides incident response support for the federal government?
2. OWASP
3. The Secret Service
4. US-CERT
5. FIRST

Answer 10

US-CERT

Question 11

2. Which organizations investigate Internet crime?
3. MLATs
4. IC3
5. ECTFs
6. OWASP

Answer 11

IC3

ECTFs

Question 12

3. Which of the following standards are governed by NIST? (Select two)
4. Advanced Encryption Standard (AES)
5. ISO 27001
6. Federal Desktop Core Configuration
7. CISSP

Answer 12

Advanced Encryption Standard (AES)

Federal Desktop Core Configuration

Question 13

4. which of the following are (ISC)2 qualifications? (Select three)
5. CISM
6. CISSP
7. CISSP-ISSEP
8. Security+
9. CSSLP

Answer 13

CISSP

CISSP-ISSEP

CSSLP

Question 14

5. You must pass an exam to become an (ISC)2 associate.

TRUE OR FALSE

Answer 14

TRUE

Question 15

6. Which certification organization is not approved under DiD Directive 8750?
7. CERT/CC
8. ISACA
9. SANS GIAC
10. FLETC

Answer 15

FLETC

Question 16

7. What is the purpose of open proxy honest in relation to Internet-based Web attacks?
8. Silently record for later analysis
9. Act as deliberate weakened targets for
10. Obscure the source of
11. Detect and terminate

Answer 16

Silently record for later analysis

Question 17

8. Roughly how many site reviews were used to generate the most recent WASC Web Security Report?
9. 5,000
10. 10,000
11. 20,000
12. 100,000

Answer 17

10,000

Question 18

9. ISO 17024 is the international standard for which of the following?
10. Information security management systems
11. Web application penetration testing
12. Evaluation criteria for IT security
13. Certification programs for personal competence

Answer 18

Certification programs for personal competence

Question 19

10. The National Institute of Standards and Technology (NIST) represents the US int he International Standards Organization.
    TRUE OR FALSE

Answer 19

FALSE