Chapter1

Question 1

True or false:
The first step in solving problems is to gather facts and make assumptions.

Answer 1

False

Question 2

True or False:
Corruption of information can occur only while information is being stored.

Answer 2

False

Question 3

True/False
The authorization process takes place before the authentication process

Answer 3

False

Question 4

True/False
A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

Answer 4

True

Question 5

True/False
DoS attacks cannot be launched against routers.

Answer 5

False

Question 6

True/False
“Shoulder spying” is used in public or semi-public settings when individuals gather information, they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance. _________________________

Answer 6

Fasle-surfing

Question 7

True/False
When voltage levels** lag** (experience a momentary increase), the extra voltage can severely damage or destroy equipment. _________________________

Answer 7

False- Spike

Question 8

True/False
The macro virus infects the key operating system files located in a computer’s start up sector. _________________________

Answer 8

False- boot

Question 9

True/False
The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. _________________________

Answer 9

False- Bruteforce

Question 10

True/False
The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________

Answer 10

False- Cracker

Question 11

True/False
A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. ________________________

Answer 11

True

Question 12

True/False
The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information. _________________________

Answer 12

True

Question 13

True/False
A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. ____________

Answer 13

False- Packet

Question 14

True/False
One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. _________________________

Answer 14

False -Bomb

Question 15

Communications security involves the protection of which of the following?
a. radio handsets
b. people, physical assets
c. the IT department
d. media, technology, and content

Answer 15

d. Media,technology, and content

Question 16

According to the C.I.A. triad, which of the following is a desirable characteristic for computer security? a. accountability
b. availability
c. authorization
d. authentication

Answer 16

b- availability

Question 17

Which of the following is a C.I.A. characteristic that ensures that only those with sufficient privileges and a demonstrated need may access certain information? a. Integrity b. Availability c. Authentication d. Confidentiality

Answer 17

d - Confidentiality

Question 18

The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which process?
a. accountability
b. authorization
c. identification
d. authentication

Answer 18

d - authentication

Question 19

What do audit logs that track user activity on an information system provide?
a. identification
b. authorization
c. accountability
d. authentication

Answer 19

c - accountability

Question 20

Which of the following is the principle of management that develops, creates, and implements strategies for the accomplishment of objectives?
a. leading
b. controlling
c. organizing
d. planning

Answer 20

d -Planning

Question 21

Which of the following is the principle of management dedicated to the structuring of resources to support the accomplishment of objectives? a. organization b. planning c. controlling d. leading

Answer 21

a -organization

Question 22

In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. a. zombie-in-the-middle b. sniff-in-the-middle c. server-in-the-middle d. man-in-the-middle

Answer 22

d -man-in-the-middle

Question 23

Which of the following is the first step in the problem-solving process? a. Analyze and compare the possible solutions. b. Develop possible solutions. c. Recognize and define the problem. d. Select, implement, and evaluate a solution

Answer 23

c -Recognize and define

Question 24

Which of the following is NOT a step in the problem-solving process? a. Select, implement and evaluate a solution b. Analyze and compare possible solutions c. Build support among management for the candidate solution d. Gather facts and make assumptions

Answer 24

c - build support among management for the candidate solution

Question 25

Which of the following is NOT a primary function of Information Security Management? a. planning b. protection c. projects d. performance

Answer 25

d -Performance

Question 26

Which of the following functions of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidelines? a. planning b. policy c. programs d. people

Answer 26

b. -policy

Question 27

Which function of InfoSec Management encompasses security personnel as well as aspects of the SETA program? a. protection b. people c. projects d. policy

Answer 27

b. -people

Question 28

Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. a. bypass b. theft c. trespass d. security

Answer 28

c. -trespass

Question 29

____________________ are malware programs that hide their true nature, and revealtheir designed behavior only when activated. a. Viruses b. Worms c. Spam d. Trojan horses

Answer 29

d. -Trojan horse

Question 30

As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____________________. a. false alarms b. polymorphisms c. hoaxes d. urban legends

Answer 30

c. -hoaxes

Question 31

Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________. a. threats b. education c. hugs d. paperwork

Answer 31

b. -education

Question 32

“4-1-9” fraud is an example of a ____________________ attack. a. social engineering b. virus c. worm d. spam

Answer 32

a. -Social Engineering

Question 33

Which type of attack involves sending a large number of connection or information requests to a target? a. malicious code b. denial-of-service (DoS) c. brute force d. spear fishing

Answer 33

b. -denial-of-service(DoS)

Question 34

Which of the following is not among the 'deadly sins of software security'? a. Extortion sins b. Implementation sins c. Web application sins d. Networking sins

Answer 34

a. -Extortion

Question 35

Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____. a. SSL b. SLA c. MSL d. MIN

Answer 35

b. -SLA

Question 36

Blackmail threat of informational disclosure is an example of which threat category? a. Espionage or trespass b. Information extortion c. Sabotage or vandalism d. Compromises of intellectual property

Answer 36

b. -information extortion

Question 37

One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. a. hacktivist b. phreak c. hackcyber d. cyberhack

Answer 37

a. -Hacktivist

Question 38

A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. a. denial-of-service b. distributed denial-of-service c. virus d. spam

Answer 38

b. - distributed DoS

Question 39

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls? a. brute force b. DoS c. back door d. hoax

Answer 39

c. -back door

Question 40

A short-term interruption in electrical power availability is known as a ____. a. fault b. brownout c. blackout d. lag

Answer 40

a. -fault

Question 41

The three levels of planning are strategic planning, tactical planning, and ____________________ planning.

Answer 41

Operational

Question 42

The set of organizational guidelines that dictates certain behavior within the organization is called ____________________.

Answer 42

Policy

Question 43

Attempting to reverse-calculate a password is called ______________

Answer 43

Cracking

Question 44

ESD is the acronym for ____________________ discharge.

Answer 44

Electrostatic

Question 45

Duplication of software-based intellectual property is more commonly known as software ____________________.

Answer 45

Piracy

Question 46

A(n) ____________________ hacks the public telephone network to make free calls or disrupt services.

Answer 46

Phreaker

Question 47

A momentary low voltage is called a(n) _____________

Answer 47

Sag

Question 48

Some information gathering techniques are quite legal, for example, using a Web browser to perform market research. These legal techniques are called, collectively, competitive ___________________

Answer 48

Intelligence

Question 49

A(n) ____________________ is a potential weakness in an asset or its defensive control(s).

Answer 49

Vulnerability

Question 50

____________________ is unsolicited commercial e-mail

Answer 50

Spam

Question 51

A virus or worm can have a payload that installs a(n) ____________________ door or trap door component in a system, which allows the attacker to access the system at will with special privileges

Answer 51

Back

Question 52

A(n) ____________________ is an act against an asset that could result in a loss

Answer 52

Attack

Question 53

A ____________ overflow is an application error that occurs when the system can’t handle the amount of data that is sent

Answer 53

Buffer

Question 54

Explain the differences between a leader and a manager.

Answer 54

The distinctions between a leader and a manager arise in the execution of organizational tasks. A leader provides purpose, direction, and motivation to those that follow. By comparison, a manager administers the resources of the organization. He or she creates budgets, authorizes expenditures, and hires employees.