IS3445 CHAP 15 WEB APPLICATION SECURITY ORGANIZATIONS, EDUCATION, TRAINING, AND CERTIFICATION Flashcards Preview

Flashcards in IS3445 CHAP 15 WEB APPLICATION SECURITY ORGANIZATIONS, EDUCATION, TRAINING, AND CERTIFICATION Deck (19)
1
Q

___ are now normally higher level coordination bodies with wider responsibilities for vulnerability and attack research and issuing warning and vulnerability notices.

A

(CIRT) Computer incident response team

2
Q

___ is an all hours or on call group for an organization, corporation, or country designed to respond to online attacks or similar events. May also be called ISIRT.

A

(CSIRT) Computer security incident response team

3
Q

___ is the basic description of computer application and operating system vulnerability; run for the Department of Homeland Security by the MITRE Corporation.

A

(CVE) Common Vulnerabilities and Exposures list

4
Q

___ is a regularly updated US federal government project that sets a minimum security configuration for Microsoft Windows XP and Windows Vista computers that are used as general-purpose desktops.

A

(FDCC) Federal Desktop Core Configuration

5
Q

___ is a worldwide voluntary and collaborative body bringing together incident response teams and related organizations. It encourages rapid and secure communications between affected communities and allows in-confidence information sharing.

A

(FIRST) Forum of Incident Response and Security Teams

6
Q

___ is a carefully monitored system set up by security professionals to be attacked, so that attack sources and methods can be analyzed.

A

Honeypot

7
Q

___ is a nonprofit professional and certification body that provides related programs for information security professionals.

A

(ISC)2 International Information Systems Security Certification Consortium

8
Q

___ is the international standard for accrediting schemes that certify personal competences.

A

ISO 17024

9
Q

___ is a copyright or licensing system that, compared with conventional commercial licensing schemes, allows wide use and modification of the material.

A

Open source

10
Q
  Which organization provides incident response support for the federal government?
  1. OWASP
  2. The Secret Service
  3. US-CERT
  4. FIRST
A

US-CERT

11
Q
  Which organizations investigate Internet crime?
  1. MLATs
  2. IC3
  3. ECTFs
  4. OWASP
A

IC3

ECTFs

12
Q
  Which of the following standards are governed by NIST? (Select two)
  1. Advanced Encryption Standard (AES)
  2. ISO 27001
  3. Federal Desktop Core Configuration
  4. CISSP
A

Advanced Encryption Standard (AES)

Federal Desktop Core Configuration

13
Q
  Which of the following are (ISC)2 qualifications? (Select three)
  1. CISM
  2. CISSP
  3. CISSP-ISSEP
  4. Security+
  5. CSSLP
A

CISSP

CISSP-ISSEP

CSSLP

14
Q
  You must pass an exam to become an (ISC)2 associate.

TRUE OR FALSE

A

TRUE

15
Q
  Which certification organization is not approved under DoD Directive 8750?
  1. CERT/CC
  2. ISACA
  3. SANS GIAC
  4. FLETC
A

FLETC

16
Q
  What is the purpose of open proxy honeypots in relation to Internet-based Web attacks?
  1. Silently record for later analysis
  2. Act as deliberate weakened targets for
  3. Obscure the source of
  4. Detect and terminate
A

Silently record for later analysis

17
Q
  Roughly how many site reviews were used to generate the most recent WASC Web Security Report?
  1. 5,000
  2. 10,000
  3. 20,000
  4. 100,000
A

10,000

18
Q
  ISO 17024 is the international standard for which of the following?
  1. Information security management systems
  2. Web application penetration testing
  3. Evaluation criteria for IT security
  4. Certification programs for personal competence
A

Certification programs for personal competence

19
Q
  The National Institute of Standards and Technology (NIST) represents the US in the International Standards Organization.
    TRUE OR FALSE
A

FALSE