Information Security (9%) Flashcards

1
Q

Protecting Information

Information Categories

A

Sensitive and proprietary information

Privacy-protected data

Intellectual property

Intangible assets

Information defined under international, federal, and state laws governing trade secrets, patents, and copyrights

2
Q

Protecting Information

Basic principles of effective protection

A
  1. Classification and labeling
  2. Handling protocols to specify use, distribution, storage, security expectations, declassification, return, and destruction/disposal methodology
  3. Training
  4. Incident reporting and investigation
  5. Audit/compliance processes and special needs (disaster recovery)
3
Q

Protecting Information - Information Assets

What is the second most valuable resource after employees?

A

Corporate Knowledge

4
Q

Protecting Information - Information Assets

Intangible rights protecting commercially valuable products of intellect?

A

Intellectual Property Rights (IPR)

Trademark | Copyright | Patent | Trade secrets | Publicity rights | Moral rights | Rights against unfair competition

5
Q

Protecting Information - Information Assets

Excludes others from making, using, offering for sale, or selling an invention for 20 years

A

Patents

6
Q

Protecting Information - Information Assets

The owner must take reasonable measures to keep the information secret

Must derive independent economic value, actual or potential, from not being generally known and not being readily ascertainable through proper means by the public

A

Trade Secret

7
Q

Protecting Information - Information Assets

For information to be considered a trade secret, the owner must be able to prove…

A
  1. The information added value or benefit to the owner
  2. The trade secret was specifically identified
  3. The owner provided a reasonable level of protection

A robust security program and strict protection measures clearly and consistently defined, communicated, and enforced

8
Q

Protecting Information - Information Assets

Patents vs. Trade secrets

A
  • An inventor may protect an invention by patenting it or by deeming it a trade secret
  • Patents require public disclosure and last only 20 years
  • A trade secret is not disclosed and may last indefinitely
  • Stealing a trade secret may violate criminal laws, but there are no criminal laws regarding patent infringement
9
Q

Protecting Information - Information Assets

A proprietary right or other valid economic interest in data resulting from private investment

A

Proprietary Information

10
Q

Protecting Information - Information Assets

  • Protects the expression of ideas in literary, artistic, and musical works
  • Under international law, copyrights do not have to be registered to be protected
  • An author or copyright holder can formalize ownership through government registration, which may help in any later enforcement actions
A

Copyright

11
Q

Protecting Information - Information Assets

Name, phrase or other device used to identify and distinguish the services of a certain provider

A

Service Mark

12
Q

Protecting Information - Information Assets

Word, phrase, logo or other graphic symbol used by a manufacturer or seller to distinguish its product from others

Consists of words, names, symbols, devices, or images applied to products or used in connection with goods or services to identify their source

A

Trade Mark

13
Q

Protecting Information - Information Assets

It is the intellectual property owner’s responsibility to understand and comply with the requirements related to protecting patents, trademarks, and copyrights in each relevant jurisdiction

A
14
Q

Protecting Information - Information Risk Assessment

A thorough and tailored risk assessment is the foundation for the development of an overall IAP strategy

A
15
Q

Protecting Information - Information Risk Assessment

The goal of risk management and the security program is…

A

to optimize risk, never to minimize it

16
Q

Protecting Information - Information Risk Assessment

In basic risk management, how much one should spend to prevent an information security incident equals the probability of the incident times its cost

A
17
Q

Protecting Information - Information Risk Assessment

Too often there is an over-emphasis on dollar values as the only metric in a risk analysis

A
  • May discourage the consideration of non-tangible measures of factors that cannot be easily quantified
  • Qualitative risk analyses are sometimes more appropriate and should be considered in lieu of, or in addition to, quantitative analysis
18
Q

Protecting Information - OPSEC

What was developed in the military to protect unclassified information that could reveal sensitive plans and operations?

A

A Protection Approach

19
Q

Protecting Information - OPSEC

OPSEC calls for…

A

Viewing the big picture and identifying any protection gaps that remain despite current security measures

20
Q

Protecting Information - OPSEC

OPSEC responds to the fact that small bits of information taken from several different sources can be combined to reveal sensitive information

A
21
Q

Protecting Information - OPSEC

OPSEC or information risk management should be practiced in organizations of all sizes, but it is particularly valuable for smaller businesses that may not have a large security or IAP staff or a great deal of security resources

A
22
Q

Protecting Information - OPSEC

A simple and systematic method of employing safeguards to protect critical information; the process includes five cyclical steps

A
  1. Identify assets (critical information)
  2. Define the threat (collectors, capabilities, motivations)
  3. Assess vulnerabilities
  4. Analyze the risk (impact, priority, existing countermeasures, etc)
  5. Develop and implement countermeasures
23
Q

Protecting Information - Information Threats

Categories of Information Threats

A

Intentional

Natural

Inadvertent

24
Q

Protecting Information - Information Threats

Top business impacts of information loss…

A
  • Loss of company reputation/image/goodwill
  • Loss of competitive advantage in one product/service
  • Reduced projected/anticipated returns or profitability
  • Loss of core business technology or process
  • Loss of competitive advantage in multiple products/services
25
Q

Protecting Information - Information Threats

Today, compromised information assets are almost always impossible to recall or contain in terms of dissemination; they can be anywhere or everywhere in an instant

A
26
Q

Protecting Information - Information Threats

Perhaps the most frequently overlooked threats are inadvertent threats

A
27
Q

Protecting Information - Information Threats

Insider espionage is facilitated by…

A
  • Advanced information storage and retrieval results in easier access
  • A broader range of foreign buyers is more accessible than ever
  • International collaboration places more employees in strategic positions to work with foreign personnel
  • Opportunities to transfer information increase with increasing rates of foreign travel
28
Q

Protecting Information - Information Threats

Insider espionage ctd…

A
  • Abundant financial burdens for Americans make them more prone to compromise
  • Debts increased by easy access to gambling sources will make Americans more prone to compromise
  • Reduced loyalty between organizations and employees generates motivation
  • Ethnic ties produce opportunities and motivation in American employees
  • Commitment to the “global community” and common good motivates the desire to share information
29
Q

Protecting Information - Information Threats

A virtual threat (“ghost”) does one or more of three functions:

A
  1. Sends information to its control (owner of the threat software)
  2. Receives commands from its control
  3. Executes commands where it is installed
30
Q

Protecting Information - Information Vulnerabilities

Trade shows are a traditional venue for business and government intelligence collection

A
31
Q

Protecting Information - Information Vulnerabilities

Virtual threats take advantage of flaws, or vulnerabilities, in complex source code

A
32
Q

Protecting Information - Information Vulnerabilities

One business activity that raises special risks to a company’s information is the establishment of relationships with other companies, domestically or internationally

(such as partnerships or outsourcing agreements)

A
33
Q

Protecting Information - Information Vulnerabilities

IT threats cannot manifest without a vulnerability to exploit; vulnerabilities fall into five categories

A
  1. Vulnerabilities in the information systems infrastructure
  2. Vulnerabilities in people using the information systems infrastructure
  3. Vulnerabilities in people maintaining the information systems infrastructure
  4. Vulnerabilities in information systems management processes
  5. Executive and senior management vulnerabilities
34
Q

Protecting Information

Access control databases are vulnerable in two ways

A
  1. Administrative misconduct
  2. Attack from an outside connection (internet)
35
Q

Protecting Information

The physical access control network is generally made up of two parts

A
  1. The connection between the reader and a controller
  2. The TCP/IP network on which controllers talk to servers and users talk to servers
36
Q

Protecting Information

A legacy HID (Hughes identification device) card has two components

A
  1. The secret facility number, or facility code, which is not printed on the card but is known to the facility owner
  2. An identification number that is printed on the card
37
Q

Protecting Information

A tool called Gecko, which can be built for $10 worth of parts, can give an intruder complete control over a door by compromising the Wiegand data stream sent from the reader to the controller

A
38
Q

Information Protection Measures

A race of technology and methodology between the “good guys” and the “bad guys”, requiring that an organization’s information systems management program be continually improved

A

Red Queen Effect

39
Q

Information Protection Measures

Because of their close daily interaction with employees, first- and second-tier managers are the individuals who exert the most influence over information security

A
40
Q

Information Protection Measures

Where does the responsibility ultimately lie for protecting information assets?

A

Leadership of an organization

41
Q

Information Protection Measures

Information protection measures must be sufficient to ensure…

A

Confidentiality

Accountability

Non-repudiation

Integrity

Recoverability

Availability

Auditability

42
Q

Information Protection Measures

The most effective IT security for information protection is a layered approach that integrates physical, procedural, and logical protection measures

A
43
Q

Information Protection Measures

3 different perspectives of Defense in Depth, or Layered Protection

A
  1. Increasing levels of trust for those who are given access to successive layers
  2. Different security technologies or measures that operate in concert
  3. Successive layers employed to delay, detect, and deter intruders
44
Q

Information Protection Measures

Personnel security plays a key role in IAP and includes things such as…

A
  • Due diligence investigations of potential partners
  • Standard pre-employment screening
  • Vetting of subcontractors, vendors, and consultants
45
Q

Information Protection Measures

Steps for protecting a business from espionage (according to the FBI)

A
  1. Recognize there is an insider and outsider threat to your company
  2. Identify and evaluate trade secrets
  3. Implement a proactive plan for safeguarding trade secrets
  4. Secure physical and electronic versions of your trade secrets
  5. Confine intellectual knowledge on a “need-to-know” basis
46
Q

Information Protection Measures

Security awareness and training is one of the most cost-effective measures that can be employed to protect corporate and organizational information assets

A
47
Q

Information Protection Measures

The use of services, equipment and techniques designed to locate, identify and neutralize the effectiveness of electronic eavesdropping, wiretapping, bugging, etc…

A

Technical Surveillance Countermeasures (TSCM)

48
Q

Information Access Control

Benefits of an IAP program

A
  • Enhances fiduciary oversight, control, and stewardship of key intangible assets
  • Aligns information assets with business operations and the organization’s strategic vision
  • Allows more efficient allocation of traditional and IT security resources
  • Allows more timely pursuit of information asset compromises and intellectual property rights (IPR) violations
49
Q

Information Access Control

IAP Program benefits ctd…

A
  • Serves as leverage in negotiating coverage and premiums for intellectual property (IP) and information technology (IT) insurance
  • Provides consistency in regulatory reporting of intangible assets
  • Standardizes internal and external handling of intangible assets
  • Identifies key internal and external sources of intangible assets and intellectual capital
50
Q

Information Access Control

The first step in implementing an IAP is…?

A

To identify the information that may need to be labeled and protected

  • Helps narrow the scope of the information that requires protection
  • Focuses limited security resources where they are most needed
51
Q

Information Access Control

An employee’s access to information should be based on his or her current job function and a need-to-know basis, not on a position or management level

A
52
Q

Information Access Control

An organization’s leadership should consider both the

A
  • Categories of Information
  • Levels of Information
53
Q

Information Access Control

Levels of information may be determined by…?

A

Sensitivity

Criticality

Time during which the information is pertinent

54
Q

Information Access Control

Most organizations use 2 - 4 levels of sensitivity marking, such as “confidential”, “restricted”, “limited”

A
55
Q

Information Access Control

Typical categories of information controls

A
  1. Approved for external release (unrestricted access)
  2. Internal (limited to employees and contractors)
  3. Confidential (limited by a specific need to know)
56
Q

Information Access Control

How should information of various classifications be stored?

A

Separately

57
Q

Information Access Control

Access to internal information should be restricted to company personnel or others who have signed a nondisclosure agreement

A
58
Q

Information Access Control

A central knowledge management system

A
  • Collects, distributes, and publicizes corporate data in a searchable, accessible format
  • Aids corporate departments by reducing redundant efforts and promoting knowledge sharing
  • Helps preserve knowledge if an employee leaves his or her position or the company
  • Can enable one department to learn from the processes, technologies, and ideas of another
59
Q

Information Access Control

A central knowledge management system ctd…

A
  • Can be used to collect data that measure the productivity and performance of business units and individual employees
  • May create a security vulnerability
60
Q

Information protection policy and procedure

Effective Information Asset Policy (IAP) requires

A
  • Leadership commitment, budgetary resources, depth of support
  • Dedicated department
  • Requirement to adhere to the policy
  • Continuous education and training
61
Q

Information protection policy and procedure

Information security policies should include, at a minimum…

A
  1. A definition of information security, its overall objectives and scope, and the importance of security as an enabling mechanism for information sharing
  2. A statement of management intent, supporting the goals and principles of information security
  3. A brief explanation of the security policies, principles, standards, and compliance requirements of particular importance to the organization
62
Q

Information protection policy and procedure

Physical security participation in the creation of the ISS policy is critical for 2 reasons

A
  1. ISS policies affect day-to-day physical security operations (both staff’s interaction with computers and security devices’ connections to and interaction with the network)
  2. ISS policy defines what types of devices are allowed on the network
63
Q

Information protection policy and procedure

Recovery… the two primary elements of recovery are?

A
  1. To return to normal business operations as soon as possible
  2. To implement measures to prevent a recurrence of the problem
64
Q

Regulations and legal protection

Information owners must recognize legal protections are effective only if the owner is willing to pursue recourse

A
65
Q

Regulations and legal protection

The Gramm-Leach-Bliley Act

A

Regulates the use and disclosure of nonpublic PII for those who obtain financial products or services from financial institutions

66
Q

Regulations and legal protection

Generally prohibits a financial institution from disclosing PII to a nonaffiliated third party, directly or indirectly, unless it has…
A
  • Disclosed to the customer, in a clear and conspicuous manner, that the information may be disclosed to a third party
  • Given the consumer an opportunity to direct that the information not be disclosed
  • Described the manner in which the consumer can exercise the nondisclosure option
67
Q

Regulations and legal protection

HIPAA…Requires covered entities and business associates to do the following to protect health information

A
  1. Maintain a risk-driven information security management program based on administrative, technical, and physical controls
  2. Ensure the confidentiality, integrity, and availability of all electronic PHI created, received, maintained, or transmitted
  3. Protect against any reasonably anticipated threats or hazards to the security or integrity of PHI
  4. Protect against any reasonably anticipated uses or disclosures of PHI that are not permitted or otherwise required
68
Q

Regulations and legal protection

HIPAA ctd…

A
  1. Ensure compliance by its workforce
  2. Ensure compliance by third parties with whom information is shared
69
Q

Regulations and legal protection

The Sarbanes-Oxley Act of 2002 (SOX)

A
  • Most significant new securities law since the SEC was created in 1934
  • Places substantial responsibilities on officers and directors of public companies
  • Imposes significant criminal penalties on CEOs, CFOs, and others
  • Obligates public companies to publicly address information security practices
70
Q

Regulations and legal protection

SOX ctd…

A
  • Section 404 (most relevant to security) requires that management develop, test, document, and monitor internal controls, disclosure controls, and procedures
  • Principles of corporate governance applied to public corporations have been extended to private companies through state laws or market forces
71
Q

Regulations and legal protection

The Red Flags Rule… Implements Sections 114 and 315 of the Fair and Accurate Credit Transactions (FACT) Act

A

The FTC requires each creditor holding an account with a reasonably foreseeable risk of ID theft to develop and implement an Identity Theft Prevention Program

72
Q

Regulations and legal protection

Red Flags Rule ctd…

Red flags that must be identified, detected, and responded to include:

A
  • Alerts, notifications, or warnings from a consumer reporting agency
  • Suspicious documents
  • Suspicious personally identifying information, such as a suspicious address
  • Unusual use of - or suspicious activity relating to - a covered account
  • Notices from customers, victims, law enforcement, or other businesses about possible ID theft in connection with covered accounts
73
Q

Regulations and Legal Protection

All successful IAP programs assign a specialist the responsibility of monitoring pending legislation and regulations related to the protection of information assets

A
74
Q

The impact of cybercrime

Often the loss of productivity is more costly than the cost of cleaning up after a virus attack

A
75
Q

The impact of cybercrime

The average cost to comply with state breach-disclosure laws now exceeds $200 per record

A
76
Q

The impact of cybercrime

Based on the expansion of cybercrime into organized crime, many believe the insider threat is no longer the cause of most IT losses

A
77
Q

Computer Basics

The first computer was built by…?

A

Alan Turing during WWII to decrypt the German Enigma code

78
Q

Computer Basics

Developed by Gordon Moore, co-founder of Intel, and states that the processing power of computers will double every eighteen months

A

Moore’s Law

79
Q

Computer Basics

A computer operates in two primary modes

A
  1. Stand-alone computing device
  2. Device that can communicate with other computers
80
Q

Computer Basics

3 logical points of control for a computer

A

Input

Programs

Communications stack

81
Q

Network Basics

The most common type of network connection is to the…?

A

Internet

82
Q

Network Basics

7 communication layers of the Open Systems Interconnection (OSI) model

A

Application

Presentation

Session

Transport

Network

Data link

Physical

83
Q

IT Security Terminology

IDS

IT Intrusion Detection Systems monitor for malicious programs and unauthorized changes to files and settings, monitor network traffic, and provide real-time alarms for network-based attacks

A
84
Q

IT Security Terminology

Sanitizing Media

A
  • Sanitizing: Removing data before the media is reused
  • Overwriting: Replacing data with meaningless data
  • Clearing: Eradicating data by overwriting or degaussing (laboratory techniques can recover “cleared” data)
  • Destroying: Physically damaging the media
86
Q

IT Security Terminology

Logical network access control

A

The process by which users are identified and granted privileges to information, systems or resources

87
Q

IT Security Countermeasures

Categories of IT Countermeasures

A

Administrative

Technical

Physical

88
Q

IT Security Terminology

Where IT countermeasures are deployed

A
  • On the information systems infrastructure (technical)
  • Infrastructure management (administrative, technical, physical)
  • Executive and senior management (administrative, technical, physical)
  • Community-based (administrative, technical, physical)
90
Q

IT Security - Encryption

Obscuring the meaning of information by altering or encoding it so it can only be decoded by people for whom it is needed

A

Encryption

91
Q

Information Systems Security (ISS)

ISS Control Objectives

A

Protection

Detection

Recovery

Compliance

92
Q

Information Systems Security (ISS)

Three “threat agents” (categories of threats) in ISS risk management

A

Nature

People

Virtual

93
Q

Information Systems Security (ISS)

AAA Triad

A

Authentication

Authorization

Auditing

95
Q

The purpose of employing an access control program includes:
A) To protect persons, materials, or information
B) To slow or speed up the rate of movement to, from, or within an establishment
C) To permit or deny entrance
D) Both A and C
E) All of the above

A

E) All of the above

96
Q

Identification and access control systems have the widest application of:
A) Manual identification systems
B) Magnetic readers
C) Bio-metric-based systems
D) Dielectric readers
E) None of the above

A

A) Manual identification systems

97
Q

The performance requirements of any trustworthy system of identification include:
A) Resistance to surreptitious substitution or counterfeiting
B) Reliability
C) Validity
D) Both B and C
E) All of the above

A

E) All of the above

98
Q

A general defect of manual identification systems is that:
A) Many are made of plastic
B) Many do not have bio-metric characteristics on them
C) Once issued, they tend to remain valid indefinitely
D) They lack identifying colors
E) None of the above

A

C) Once issued, they tend to remain valid indefinitely

99
Q

Any formula, pattern, device, or compilation of information that is used in one’s business and that gives you an opportunity to gain an advantage over competitors who do not use it or know about it is:
A) A patent
B) A trade secret
C) A monopoly
D) Copyrighted material
E) None of the above

A

B) A trade secret

100
Q

What is most likely the main reason for loss of sensitive information?
A) Industrial espionage
B) An employee’s loose lips
C) Inadvertent disclosure
D) Deliberate theft by an outsider
E) Both B and C
F) None of the above

A

E) Both B and C

101
Q

Which of the following should be part of an effective information security program?
A) Pre-employment screening
B) Nondisclosure agreements from employees
C) Employee awareness programs
D) Policy and procedural statements on the recognition, classification, and handling of sensitive information
E) All of the above

A

E) All of the above

102
Q

Which of the following is generally not allowed to be disclosed on an employment questionnaire?
A) Current residence
B) References
C) Prior employment
D) Prior arrests
E) None of the above

A

D) Prior Arrests

103
Q

The primary tool of preemployment screening is the:
A) Application form
B) Interview
C) Polygraph
D) Investigator performing the interview

A

A) Application form

104
Q

To be within the definition of a trade secret, sensitive information must meet which of the following criteria?
A) Individuals to whom it is disclosed must know that it is a secret
B) It must be identifiable
C) It must not be already available in public sources
D) There must be some obvious indication that the owner is attempting to prevent its unauthorized disclosure
E) All of the above

A

E) All of the above

105
Q

According to the “Restatement of the Law of Torts,” a trade secret is:
A) All information about a company that the company desires to protect
B) Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it
C) Information about a company that is registered with the US Patent Office
D) Both A and B
E) All of the above

A

B) Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it

106
Q

A trade secret may be:
A) A formula for a chemical compound
B) A process of manufacturing materials
C) A pattern for a machine
D) A list of customers
E) All of the above

A

E) All of the above

107
Q

The characteristics of a trade secret as compared with other confidential information are:
A) Those business secrets that have been duly registered pursuant to the requirements of law
B) Continuous or consistent business applications of a secret not known to others, from the use of which some advantage is gained by the user
C) Those business secrets that are fully protected in accordance with the Federal Privacy Act
D) Both a and c
E) All of the above

A

B) Continuous or consistent business applications of a secret not known to others, from the use of which some advantage is gained by the user

108
Q

Which of the following is generally not true in regard to trade secrets?
A) The more narrowly a business defines what it regards as a secret, the easier it is to protect that body of information
B) It is difficult to protect a trade secret that can be found in publicly accessible sources
C) Secret information does not have to be specifically identifiable
D) Secret information must be effectively protected
E) None of the above

A

E) None of the above

109
Q

In regard to a trade secret, it may be decided that its disclosure by another was innocent, rather than wrongful, even in the case where the person making the disclosure really was guilty of malice or wrong intent. This situation may occur when:
A) The trade secret was not registered
B) The trade secret did not involve national defense information
C) The trade secret was not in current use
D) There is absence of evidence that an owner has taken reasonable precautions to protect confidential information
E) All of the above

A

D) There is absence of evidence that an owner has taken reasonable precautions to protect confidential information

110
Q

Proprietary information is:
A) Private information of a highly sensitive nature
B) Information that must be classified according to executive order of the US Government
C) Sensitive information that is classified under federal regulations
D) Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly
E) None of the above

A

D) Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly

111
Q

The class of person under a duty to safeguard a proprietary secret is known as:
A) Agent
B) Proprietary security employee
C) Fiduciary
D) Business associate
E) None of the above

A

C) Fiduciary

112
Q

It is important for employees to know whether confidential information is a trade secret, or some other confidential material, because:
A) If it is a trade secret, the employee may be prevented from disclosing it by injunction
B) If it is not a trade secret and it is disclosed, the employer must take action after the disclosure and must be able to prove some actual damage in order to recover
C) If it is not a trade secret, the information, once disclosed, is no longer dependable
D) If it is not a trade secret, the information, once disclosed, cannot be further prevented from disclosure by an injunction
E) All of the above

A

E) All of the above

113
Q

Which of the following is not a correct statement as a general rule involving the protection of proprietary information:
A) As a class, employees are the largest group of persons bound to secrecy because of their status or relationship
B) By operation of common law, employees are presumed to be fiduciaries to the extent that they may not disclose secrets of their employers without authorization
C) Other than the employees, any other persons to be bound to secrecy must agree to be so bound
D) Any agreements to be bound must always be in writing and are not implied from acts

A

D) Any agreements to be bound must always be in writing and are not implied from acts

114
Q

To effectively invoke the law for the protection of sensitive information, the owner of the proprietary information must be able to show “objective indications of attempts to protect secrecy.” Which of the following has been recognized in the past as such an indication?
A) Use of warning signs to alert employees to sensitive data and the places where it is stored
B) Separately storing sensitive information in security containers with appropriate security precautions
C) Special instructions providing a “need-to-know” basis
D) Restrictions on nonemployee access to places containing sensitive information
E) All of the above

A

E) All of the above

115
Q

Which of the following should be made part of a proprietary information protection program:
A) Preemployment screening
B) Effective perimeter control system
C) Execution of patent and secrecy agreement
D) Paper and data control
E) Both a and c
F) All of the above

A

F) All of the above

116
Q

In designing a proprietary information protection program, the area of greatest vulnerability is:
A) Personnel files
B) Employees
C) Computers
D) Marketing data
E) Perimeter boundaries

A

B) Employees

117
Q

In devising proprietary information procedures, which of the following is considered to be a main area of paper or document vulnerability?
A) Comprehensive paper controls
B) A technical report system
C) Control and issue of notebooks
D) All of the above
E) None of the above

A

D) All of the above

118
Q

When a loss of proprietary information is discovered, which of the following steps should be taken first?
A) Attempt to recover the material
B) Attempt to apprehend the perpetrators
C) Assess economic damage
D) Reevaluate the protection system
E) All of the above

A

E) All of the above

119
Q

Which of the following would not be considered in the trade secret category?
A) Salary data
B) Market surveys
C) Personnel matters
D) Customer usage evaluations
E) All of the above

A

E) All of the above

120
Q

Litigation concerning former employees involving trade secrets has some problems. Which of the following is considered to be such a problem?
A) The cost of litigation is too high, and the owner of the trade secret may lose
B) Litigation is a waste of time
C) The owner of the trade secret may have to expose the information that is being protected
D) Both a and c
E) All of the above

A

D) Both a and c

121
Q

A trash cover is:
A) A sealed cover on a trash container
B) The process of examining one’s trash for information
C) Placing the company’s trash in a locked container
D) Both a and c
E) All of the above

A

B) The process of examining one’s trash for information

122
Q

Sound waves too high in frequency to be heard by the human ear, generally above 20 kHz, are known as:
A) High-frequency sound waves
B) Microwave waves
C) Ultrasonic waves
D) Short-frequency sound waves
E) None of the above

A

C) Ultrasonic waves

123
Q

The process of combining a number of transmissions into one composite signal to be sent over one link is called:
A) Transmission integrity
B) Communication integration
C) A demultiplexer
D) Multiplexing
E) None of the above

A

D) Multiplexing

124
Q

Which of the following applies to the laser as a means of communication?
A) Line-of-sight transmission is necessary
B) Poor weather conditions interfere with the beam
C) It is practically impossible to intercept the beam without detection
D) Both a and c
E) All of the above

A

E) All of the above

125
Q

Electromagnetic radiation is detectable electromagnetic energy that is generated by electronic information processing devices. Which of the following is used to protect very sensitive equipment?
A) A current carrier device
B) Pneumatic cavity shielding
C) Tempest shielding
D) Pen register shielding

A

C) Tempest Shielding

126
Q

The practice of preventing unauthorized persons from gaining information by analyzing electromagnetic emanations from electronic equipment is often termed:
A) Bugging
B) Veiling
C) Tempest
D) All of the above
E) None of the above

A

C) Tempest

127
Q

Which of the following is not correct in regard to microwave transmissions:
A) Microwave signals penetrate fog and snow
B) Microwave signals are transmitted in short radio waves
C) A large number of microwave signals can be transmitted
D) Microwave signals travel in curved lines
E) Microwave signals are not affected by ordinary man-made noise
F) None of the above

A

D) Microwave signals travel in curved lines

128
Q

A term used to indicate a method of disguising information so that it is unintelligible to those who should not obtain it:
A) Interconnection decoy
B) Multiplexing
C) Scrambling
D) Mixed signal
E) None of the above

A

C) Scrambling

129
Q

The most secure scrambler in common use is the:
A) Frequency inverter
B) Decoder
C) Laser beam
D) Vocoder
E) None of the above

A

D) Vocoder

130
Q

The method used to monitor telephone calls by providing a record of all numbers dialed from a particular phone is called:
A) Electronic surveillance
B) Phone bug
C) Wiretap
D) Pen register
E) None of the above

A

D) Pen Register

131
Q

A small hidden microphone and a radio transmitter are generally known as:
A) A wiretap
B) A bug
C) A beeper
D) Electronic surveillance
E) All of the above

A

B) A bug

132
Q

A specifically constructed microphone attached directly to an object or surface to be protected, which responds only when the protected object or surface is disturbed, is known as a:
A) Parabolic microphone
B) Special audio microphone
C) Contact microphone
D) Surreptitious microphone
E) None of the above

A

C) Contact microphone

133
Q

A microphone with a dishlike attachment that is used for listening to audio from great distances is known as a(n):
A) Contact microphone
B) Parabolic microphone
C) Ultrasonic microphone
D) Both a and c
E) None of the above

A

B) Parabolic microphone

134
Q

A microphone that is installed on a common wall adjacent to the target area when it is impractical or impossible to enter the target area is known as a:
A) Carbon microphone
B) Parabolic microphone
C) Contact microphone
D) Dynamic microphone
E) None of the above

A

C) Contact microphone

135
Q

Which method of protection against telephone line eavesdropping is most reliable:
A) Don’t discuss sensitive information
B) Use a radio jammer
C) Use encryption equipment
D) Both a and c
E) Use an audio jammer

A

D) Both a and c

136
Q

The unauthorized acquisition or dissemination by an employee of confidential data critical to his or her employer is known as:
A) Embezzlement
B) Larceny
C) Industrial espionage
D) Burglary
E) False pretenses

A

C) Industrial espionage

137
Q

The term eavesdropping refers to:
A) Wiretapping
B) Bugging
C) Trash cover
D) Both a and b
E) All of the above

A

D) Both a and b

138
Q

Which of the following methods could be used as a form of eavesdropping using a telephone instrument?
A) Wiring can be altered so that the handset or receiver will act as an open microphone
B) A radio transmitter can be concealed in the microphone
C) The infinity transmitter can be used
D) Both b and c
E) All of the above

A

E) All of the above

139
Q

A microphone that requires no power source, is very small, and is difficult to detect has the characteristics of a(n):
A) Contact microphone
B) Parabolic microphone
C) Dynamic microphone
D) Infinity microphone
E) None of the above

A

C) Dynamic microphone

140
Q

The frequency range best suited for a wireless microphone because it provides better security and lower interference:
A) 25-50 MHz
B) 88-104 MHz
C) 88-120 MHz
D) 150-174 MHz
E) None of the above

A

E) None of the above

141
Q

A wireless radio eavesdropping installation usually consists of the following:
A) Transmitter and receiver
B) Power supply
C) Antenna
D) Microphone
E) Both a and d
F) All of the above

A

F) All of the above

142
Q

The control software of a private branch exchange (PBX) can be accessed and compromised by calling the telephone number of a device on the PBX from a computer and modem. The name of this PBX device is the:
A) Internal and remote signal port
B) Current carrier signaling port
C) Time-domain reflectometer
D) Remote maintenance access terminal
E) None of the above

A

D) Remote maintenance access terminal

143
Q

Which of the following is not true regarding electronic eavesdropping:
A) An effective countermeasure to detect evidence of electronic eavesdropping in telephone equipment should be conducted by a person who is technically familiar with such equipment
B) An effective countermeasure would be to conduct a physical search as well as an electronic search
C) All wiring should be traced and accounted for
D) A listening device installed in a wire will cause a crackling sound, click, or other noise that can be heard on the line
E) None of the above

A

D) A listening device installed in a wire will cause a crackling sound, click, or other noise that can be heard on the line

144
Q

The first federal legislation that attempted to regulate electronic surveillance in the United States was enacted by Congress in:
A) 1910
B) 1924
C) 1934
D) 1968
E) 1971

A

C) 1934

145
Q

The manufacture, distribution, possession, and advertising of wire or oral communication interception devices is prohibited by:
A) The Fourth Amendment
B) The Fifth Amendment
C) The Federal Communications Act of 1934
D) The Omnibus Crime Control and Safe Streets Act of 1968
E) The FBI

A

D) The Omnibus Crime Control and Safe Streets Act of 1968

146
Q

Which of the following is not a requirement under the Omnibus Crime Control and Safe Streets Act of 1968 before a court may give permission for an electronic surveillance?
A) The identity of the offender should be stated
B) The crime must be any felony under federal law
C) The place and location of the electronic surveillance must be stated
D) Initial approval must be granted by the attorney general of the United States or by a specially designated attorney general
E) All of the above

A

B) The crime must be any felony under federal law

147
Q

The criminal punishment for violation of the wiretapping phases of the Omnibus Crime Control and Safe Streets Act of 1968 is:
A) A $10,000 fine
B) 6 months in jail and/or a $5,000 fine
C) 1 year in jail and/or a $10,000 fine
D) 5 years in prison and/or a $10,000 fine
E) None of the above

A

D) 5 years in prison and/or a $10,000 fine

148
Q

Which of the following is provided for by the Omnibus Crime Control and Safe Streets Act of 1968?
A) It prohibits wiretapping or bugging unless the party to the intercepted conversation gives consent
B) It prohibits the manufacture and distribution of oral communication interceptor devices
C) Nonfederal law enforcement representatives are denied the right to make use of electronic surveillance unless there is a state statute permitting it
D) Both a and b
E) All of the above

A

E) All of the above

149
Q

Title III of the Omnibus Crime Control and Safe Streets Act of 1968 requires that an approval for electronic surveillance must be obtained from the:
A) Chief justice of the Supreme Court
B) Director of the FBI
C) Attorney general of the United States or any specially designated assistant attorney general
D) Director of the CIA
E) All of the above

A

C) Attorney general of the United States or any specially designated assistant attorney general

150
Q

Criminal violations involving theft of trade secrets could be covered by:
A) Statutes on theft
B) Bribery statutes involving trade secrets
C) Statutes on receipt of stolen property
D) Statutes on criminal conspiracy
E) All of the above

A

E) All of the above

151
Q

The public statute passed to protect personal information in the possession of federal agencies is:
A) The Espionage Statute
B) The Unauthorized Disclosure Act
C) The Omnibus Crime Control and Safe Streets Act of 1968
D) The Privacy Act of 1974
E) None of the above

A

D) The Privacy Act of 1974

152
Q

The Privacy Act of 1974 provides which of the following safeguards?
A) Permits individuals to gain access to certain information pertaining to themselves in federal agency records
B) Permits individuals to determine what records pertaining to themselves are collected and maintained by federal agencies
C) Permits individuals to prevent certain records pertaining to themselves from being used or made available for another purpose without their consent
D) Requires federal agencies to be subject to civil suits for damages that may occur as a result of willful or intentional action that violates an individual’s rights under the Privacy Act of 1974
E) All of the above

A

E) All of the above

153
Q

Which of the following would not be permitted to review a student’s record according to the Family Educational Rights and Privacy Act of 1974?
A) Law enforcement officials
B) Other school officials
C) The school’s registrar’s office
D) All of the above
E) None of the above

A

A) Law enforcement officials

154
Q

Which of the following characteristics pertains to a good information management program?
A) An employee education program for those who utilize the classification system
B) Limited number of individuals who can initiate classification of information
C) Limitation of the duration during which the classification will remain in effect
D) All of the above
E) None of the above

A

D) All of the above

155
Q

What are the three most common methods of information loss to be guarded against?
A) Newspaper articles, magazine articles, television
B) Employee payroll, personnel matters, market surveys
C) Theft by an insider, inadvertent disclosure, industrial espionage
D) Employee hiring, magazine articles, industrial espionage
E) None of the above

A

C) Theft by an insider, inadvertent disclosure, industrial espionage

156
Q

The elements of an information security program include:
A) Informing employees that the information is to be protected
B) Establishing the use of patent or nondisclosure agreements
C) Designation of certain information as sensitive
D) Providing the means for employees to protect sensitive information
E) All of the above

A

E) All of the above

157
Q

Which of the following statements is not true in regard to an information security program?
A) The information security program is an attempt to make theft of sensitive information difficult, not necessarily to eliminate it
B) The protection afforded against losses by either internal or external sources is, at best, limited
C) A good information security program will provide total protection from industrial espionage
D) A trust relationship must be established and maintained with employees
E) The goodwill and compliance of employees is crucial for success

A

C) A good information security program will provide total protection from industrial espionage

158
Q

Vital records normally constitute what percentage of the company’s total records?
A) 2%
B) 5%
C) 10%
D) 15%
E) 20%

A

A) 2%

159
Q

Which of the following is considered to be an approved method of protecting vital records?
A) On-site storage in vaults or safes
B) Protection of original vital records
C) Natural dispersal within an outside organization
D) Planned dispersal of copies of vital records
E) All of the above

A

E) All of the above

160
Q

The term social engineering is:
A) A function of the personnel department in which like persons are teamed together in workshops or seminars for maximum productivity
B) The subtle elicitation of information without revealing the true purpose of the call
C) The specific design of a business structure to facilitate the interaction of the inhabitants
D) Both a and c
E) None of the above

A

B) The subtle elicitation of information without revealing the true purpose of the call

161
Q

Competitive intelligence gathering is a legitimate activity that is engaged in by many firms throughout the world. The important function of competitive intelligence is to:
A) Alert senior management to changes in protocol in foreign countries
B) Alert senior management to the personal habits of competitive senior management
C) Alert government intelligence agencies to marketplace changes
D) Alert senior management to marketplace changes in order to prevent surprise
E) All of the above

A

D) Alert senior management to marketplace changes in order to prevent surprise

162
Q

The Secretary of Defense is not authorized to act on behalf of the following agency or department in rendering industrial security services:
A) Department of Commerce
B) Central Intelligence Agency
C) Department of Justice
D) Department of Labor
E) None of the above

A

B) Central Intelligence Agency

163
Q

The overall policy guidance for the Defense Industrial Security Program is provided by:
A) The Federal Bureau of Investigation
B) The Deputy Undersecretary of Defense for Policy
C) The Assistant Chief of Staff in Intelligence
D) The Defense Intelligence Agency
E) None of the above

A

B) The Deputy Undersecretary of Defense for Policy

164
Q

The Defense Industrial Security Program on behalf of all user agencies is administered by the:
A) Director, Defense Investigative Service
B) Comptroller, Assistant Secretary of Defense
C) Deputy Undersecretary of Defense for Policy
D) Defense Industrial Security Clearance Office
E) None of the above

A

A) Director, Defense Investigative Service

165
Q

The executive order that applies to classified information is:
A) E.O. 1044
B) E.O. 1066
C) E.O. 12065
D) E.O. 12523
E) E.O. 114084

A

C) E.O. 12065

166
Q

A controlled area established to safeguard classified material that, because of its size or nature, cannot be adequately protected by other prescribed safeguards is termed:
A) A restricted area
B) A classified area
C) A closed area
D) A limited area
E) None of the above

A

C) A closed area

167
Q

The DIS regional office under the supervision of the director of industrial security that has jurisdiction over the geographical area in which a facility is located is called the:
A) Regional Security Office
B) Division Security Office
C) Clearance Office
D) Cognizant Security Office
E) None of the above

A

D) Cognizant Security Office

168
Q

Technical and intelligence information derived from foreign communication by other than the intended recipient is known as:
A) Restricted data
B) Communications intelligence
C) Classified security matters
D) Highly confidential
E) None of the above

A

B) Communications intelligence

169
Q

The designation that should be applied to information or material the unauthorized disclosure of which could reasonably be expected to cause damage to national security is:
A) Restricted
B) Top secret
C) Confidential
D) Unauthorized disclosure
E) None of the above

A

C) Confidential

170
Q

Technical information used for training, maintenance, and inspections of classified military munitions of war would be classified as:
A) Restricted
B) Classified
C) Top secret
D) Confidential
E) Cosmic

A

D) Confidential

171
Q

A designation or marking that identifies classified operational keying material and that indicates the material requiring special consideration with respect to access, storage, and handling is:
A) Cosmic
B) Special
C) Crypto
D) Communications intelligence
E) Red flagged

A

C) Crypto

172
Q

The portion of internal security that is concerned with the protection of classified information in the hands of US industry is called:
A) Information security
B) Classified security
C) National security
D) Industrial security
E) Communications security

A

D) Industrial security

173
Q

The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure information whose protection is authorized by executive order or statute is called:
A) Computer security
B) Industrial security
C) Personnel security
D) Communications security
E) Information security

A

E) Information security

174
Q

An administrative determination that an individual is eligible for access to classified information is:
A) Personnel security clearance
B) Industrial security clearance
C) National security clearance
D) Communications security clearance
E) None of the above

A

A) Personnel security clearance

175
Q

The combinations to safes, containers, and vaults should be changed:
A) Every 3 months
B) Every 4 months
C) Every 6 months
D) Every 9 months
E) Every year

A

E) Every year

176
Q

The designation that shall be applied only to information or material the unauthorized disclosure of which could reasonably be expected to cause serious damage to national security:
A) Restricted
B) Secret
C) Confidential
D) Top secret
E) Unauthorized disclosure

A

B) Secret

177
Q

Information regarding the revelation of significant military plans or intelligence operations should be classified as:
A) Restricted
B) Secret
C) Confidential
D) Top secret
E) Cosmic

A

B) Secret

178
Q

The designation that should only be applied to information or material the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to national security is:
A) Restricted
B) Secret
C) Confidential
D) Top secret
E) Cosmic

A

D) Top secret

179
Q

Information that could lead to the compromise of vital national defense plans or complex cryptologic and communications intelligence systems should be classified as:
A) Restricted
B) Secret
C) Confidential
D) Top secret
E) Cosmic

A

D) Top secret

180
Q

Regulations of the Department of Defense require that the contractor shall establish such procedures as are necessary to ensure that any employee discovering the loss, compromise, or suspected compromise of classified information outside a facility promptly reports to:
A) The Defense Intelligence Agency
B) The Defense Industrial Security Clearance Office
C) The nearest FBI office
D) Comptroller, Assistant Secretary of Defense
E) The Industrial Security Office

A

C) The nearest FBI office

181
Q

Defense Department regulations require the identification card of a defense contractor to include a:
A) Distinctive color coding
B) Thumbprint
C) Photograph of the holder
D) Symbol code
E) all of the above

A

C) Photograph of the holder

182
Q

Which of the following should definitely not appear on the identification card of employees of defense contractors?
A) Distinctive color coding
B) Symbol code
C) Top secret or secret
D) Confidential
E) Both c and d
F) All of the above

A

E) Both c and d

183
Q

No invitation, written or oral, shall be given to a foreign national or to a representative of a foreign interest to attend any session of a meeting sponsored by a Department of Defense activity until:
A) A full field investigation has resulted in the necessary security clearance
B) Approval for attendance has been received from the sponsoring activity
C) The Department of State has given approval
D) The CIA has given approval
E) None of the above

A

B) Approval for attendance has been received from the sponsoring activity

184
Q

A document that is classified “confidential” shall exhibit the marking at:
A) The top of the page
B) The bottom of the page
C) The right-hand side of the page
D) The left-hand side of the page
E) Both the top and bottom of the page

A

E) Both the top and bottom of the page

185
Q

The basic document for conveying to the contractor the classification and declassification specifications for a classified contract is:
A) Form DD-254
B) Form DD-441
C) Form DD-482
D) Form DD-562
E) Form DD-1541

A

A) Form DD-254

186
Q

Unclassified material should:
A) Be marked “unclassified” at the top of the page
B) Be marked “unclassified” at the bottom of the page
C) Be marked “unclassified” at the top and bottom of the page
D) Be marked “unclassified” anywhere on the page
E) Have no marking

A

E) Have no marking

187
Q

An unclassified document that is attached to a classified document should have a notation stating:
A) “Classified same as enclosure”
B) “Treat as classified”
C) “Unclassified when separated from classified enclosure”
D) No notation needed
E) None of the above

A

C) “Unclassified when separated from classified enclosure”

188
Q

Whenever classified information is downgraded, declassified, or upgraded, the material shall be promptly and conspicuously marked to indicate:
A) What was changed
B) The date it was changed
C) The identity of the person taking the action
D) All of the above
E) None of the above

A

D) All of the above

189
Q

Foreign classified material should be marked in accordance with instruction received from:
A) The Defense Intelligence Agency
B) The foreign contacting authority
C) The FBI
D) The Industrial Security Office
E) None of the above

A

B) The foreign contacting authority

190
Q

Department of Defense regulations regarding the protection of classified information require that defense contractors maintain accountability of top secret information for a minimum time of:
A) 1 year
B) 2 years
C) 3 years
D) 4 years
E) 5 years

A

C) 3 years

191
Q

When not in use, top secret information should be stored in a:
A) Class A vault
B) Class B vault
C) Class C vault
D) Class D vault
E) Class E vault

A

A) Class A vault

192
Q

Which of the following is prohibited by the Department of Defense regulations regarding the method of transmitting top secret information outside a facility?
A) Electronic means in a crypto system
B) Armed Forces Courier Service
C) Designated courier that has been cleared
D) US Postal Service
E) Specifically designated escort

A

D) US Postal Service

193
Q

Secret information can be transmitted by which of the following means according to Department of Defense regulations?
A) Designated courier that has been cleared
B) US Registered Mail
C) Armed Forces Courier Service
D) Both a and c
E) All of the above

A

E) All of the above

194
Q

Department of Defense regulations indicate that destruction of classified information can be accomplished by:
A) Melting
B) Burning
C) Mutilation
D) Chemical decomposition
E) All of the above

A

E) All of the above

195
Q

Which of the following has the appropriate security clearance in the destruction of top secret and secret information according to Department of Defense regulations?
A) Two employees of the defense contractor
B) Three employees of the defense contractor
C) Four employees of the defense contractor
D) One employee of the Department of Defense and two employees of the defense contractor
E) None of the above

A

A) Two employees of the defense contractor

196
Q

According to Department of Defense regulations, if classified material is removed from the facility for destruction, it should be destroyed:
A) The same day it was removed
B) Within 2 days
C) Within 4 days
D) Within 1 week
E) Within 10 days

A

A) The same day it was removed

197
Q

According to Department of Defense regulations, to be eligible for a personnel security clearance for confidential information, the following age must be attained:
A) 16
B) 18
C) 20
D) 21
E) 25

A

A) 16

198
Q

According to Department of Defense regulations, the security clearance of a contractual employee shall be effective for:
A) 6 months
B) 1 year
C) 2 years
D) 5 years
E) As long as he or she is employed by the contractor

A

E) As long as he or she is employed by the contractor

199
Q

According to Department of Defense regulations, the following are not eligible for a personnel security clearance:
A) All foreign nationals
B) All foreign nationals except those granted reciprocal clearances
C) Only foreign nationals that are from a communist country
D) Only foreign nationals that are under 16
E) None of the above

A

B) All foreign nationals except those granted reciprocal clearances

200
Q

A facility security clearance should not be granted to contractor activities:
A) In Puerto Rico
B) In facilities determined to be under foreign ownership, control, or influence
C) In US trust territories
D) Both a and c
E) All of the above

A

B) In facilities determined to be under foreign ownership, control, or influence

201
Q

For personnel security clearances required in connection with a facility security clearance, applications shall be submitted to the:
A) Defense Intelligence Agency
B) Industrial Clearance Office
C) Contracting officer
D) Cognizant Security Office
E) Central Intelligence Agency

A

D) Cognizant Security Office

202
Q

According to Department of Defense regulations, “interim” personnel security clearances must be approved by the:
A) Defense Intelligence Agency
B) Industrial Clearance Office
C) Contracting officer
D) Cognizant Security Office
E) None of the above

A

C) Contracting officer

203
Q

Department of Defense regulations require initial approval in writing prior to processing any classified information in an ADP system by which of the following authorities?
A) Head of the Industrial Security Clearance Office
B) National Security Agency
C) Cognizant Security Office
D) Contracting officer
E) Defense Intelligence Agency

A

C) Cognizant Security Office

204
Q

An ADP system that operates in a manner where all users with access to the system have a security clearance and a need-to-know status for all classified information that is in the system is known as:
A) Classified security mode
B) Restricted security mode
C) Controlled security mode
D) Dedicated security mode
E) Limited security mode

A

D) Dedicated security mode

205
Q

An ADP system that operates in a manner in which all users with access to the system have a security clearance for the highest classification and most restrictive types of information in the system is known as:
A) Classified security mode
B) Restricted security mode
C) Controlled security mode
D) System high-security mode
E) Dedicated security mode

A

D) System high-security mode

206
Q

An ADP system that operates in a manner in which at least some of the users with access to the system have neither a security clearance nor need-to-know status for all classified information that is in the system, but in a manner that the cognizant security officer or a higher authority has determined that the necessary degree of security has been achieved and maintained, is known as:
A) Limited security mode
B) Classified security mode
C) Controlled security mode
D) Restricted security mode
E) Dedicated security mode

A

C) Controlled security mode

207
Q

The ADP system security supervisor or designee should review the audit trail logs at least:
A) Daily
B) Weekly
C) Monthly
D) Bimonthly
E) Quarterly

A

B) Weekly

208
Q

The Department of Defense Personnel Security Questionnaire (Industrial) Form is:
A) DD-16
B) DD-48
C) DD-254
D) DD-441
E) DD-482

A

B) DD-48

209
Q

According to Department of Defense regulations, which of the following documents is not acceptable proof of US citizenship concerning the safeguarding of classified information?
A) Birth certificate
B) Certificate of naturalization
C) Certificate of citizenship
D) Certified copy of baptismal record
E) All of the above

A

D) Certified copy of baptismal record

210
Q

All proprietary information is sensitive, while not all sensitive information is proprietary. An example of information that is not proprietary even though the organization would treat it as sensitive is:
A) The customer database of the organization
B) Confidential personnel data in employee files
C) Strategic marketing plans in which the use of outside marketing firms is contemplated
D) Specifications for product components that are produced by a subcontractor

A

B) Confidential personnel data in employee files

211
Q

Trade secrets are generally afforded greater legal protection than other proprietary information. Which of the following is not an element of the test for a trade secret?
A) Be identifiable
B) Not already be available in public sources
C) Be disclosed only to persons with a duty to protect it
D) Be technical or product related

A

D) Be technical or product related

212
Q

The major reason for the loss of sensitive information is:
A) Espionage
B) Intentional disclosure by an insider
C) Inadvertent disclosure
D) Disclosure through legal proceedings

A

C) Inadvertent disclosure

213
Q

Competitive intelligence gathering is a legitimate activity, which is engaged in by many firms throughout the world. The most important function of competitive intelligence is to:
A) Alert senior management to marketplace changes in order to prevent surprise
B) Alert senior management as to the personal habits of competitive senior management
C) Alert government intelligence agencies to marketplace changes
D) Alert senior management to changes in protocol in foreign countries

A

A) Alert senior management to marketplace changes in order to prevent surprise

214
Q

A microphone with a large disk-like attachment used for listening to audio from great distances is known as:
A) Contact microphone
B) Spike microphone
C) Parabolic microphone
D) Moving-coil microphone

A

C) Parabolic microphone

215
Q

Sound waves too high in frequency to be heard by the human ear, generally above 20 kHz, are known as:
A) Microwaves
B) Ultrasonic
C) High frequency
D) Short wave

A

B) Ultrasonic

216
Q

Two methods of protection against telephone line eavesdropping are apparently reliable. The first method is “don’t discuss sensitive information” and the other is:
A) To use a wiretap detector
B) To use a radio jammer
C) To use an audio jammer
D) To use encryption equipment

A

D) To use encryption equipment

217
Q

The unauthorized acquisition of sensitive information is known as:
A) Industrial espionage
B) Embezzlement
C) Larceny
D) False pretenses

A

A) Industrial espionage

218
Q

Proprietary information is:
A) Information that must be so classified under government order
B) Private information of highly sensitive character
C) Defense data that must be classified according to federal regulations
D) Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly

A

D) Anything that an enterprise considers relevant to its status or operations and does not want to disclose publicly

219
Q

A trade secret is:
A) Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it.
B) All information about a company that the company desires to protect
C) Information of a company that is registered as such with the US Patent Office
D) Information so designated by the government

A

A) Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it.

220
Q

The control software of a Private Branch Exchange (PBX) can be accessed and compromised by calling the telephone number of a device on the PBX from a computer and modem. What is this access device called?
A) Time-domain reflectometer
B) Remote maintenance access terminal
C) Current carrier signalling port
D) Internal and remote signal port

A

B) Remote maintenance access terminal

221
Q

Which of the following is generally not true with regard to proprietary information?
A) Secret information does not have to be specifically identifiable
B) Secret information must be such that it can be effectively protected
C) The more narrowly a business defines what it regards as a secret, the easier it is to protect that body of information
D) It is difficult to protect as a trade secret that which can be found in publicly accessible sources

A

A) Secret information does not have to be specifically identifiable

222
Q

With respect to trade secrets, it may be decided that its disclosure by another was innocent rather than wrongful, even in the case where the person making the disclosure really was guilty of malice or wrong intent. This situation may occur when:
A) There is absence of evidence that an owner has taken reasonable precautions to protect confidential information
B) The trade secret was not registered
C) The trade secret did not involve national defense information
D) The trade secret was not in current use

A

A) There is absence of evidence that an owner has taken reasonable precautions to protect confidential information

223
Q

The class of persons under duty to safeguard a proprietary secret is known as:
A) Agents
B) Principals
C) Fiduciaries
D) Business associates

A

C) Fiduciaries

224
Q

Which of the following is not a correct statement, or a general rule, involving the protection of proprietary information?
A) By operation of common law, employees are presumed to be fiduciaries to the extent that they may not disclose secrets of their employers without authorization.
B) As a class, employees are the largest group of persons bound to secrecy because of their status or relationship
C) Other than employees, any other persons bound to secrecy must agree to be bound.
D) Any agreements to be bound must always be in writing and are implied from acts.

A

D) Any agreements to be bound must always be in writing and are implied from acts.

225
Q

The term eavesdropping refers to:
A) Wiretapping only
B) Bugging only
C) Both wiretapping and bugging
D) Mail covers

A

C) Both wiretapping and bugging

226
Q

A microphone that has the characteristics of requiring no power source to operate it and being quite small, relatively difficult to detect, and offered by equipment suppliers in such items as cuff links and hearing aids is known as a:
A) Carbon microphone
B) Dynamic microphone
C) Contact microphone
D) Parabolic microphone

A

B) Dynamic microphone

227
Q

A microphone that is normally installed on a common wall adjoining a target area when it is impractical or impossible to enter the area to make a microphone installation is a:
A) Carbon microphone
B) Dynamic microphone
C) Contact microphone
D) Parabolic microphone

A

C) Contact microphone

228
Q

Which of the following is not true with regard to electronic eavesdropping?
A) A listening device installed in a wire will cause a cracking sound, click, or other noise that can be heard on the line
B) There should be an effective countermeasures survey to detect evidence of electronic eavesdropping
C) Equipment in telephones must be conducted by a person technically familiar with such equipment
D) All wiring should be traced out and accounted for in a countermeasure survey
E) In a countermeasure survey to detect electronic eavesdropping, a physical search should be utilized as well as an electronic search

A

A) A listening device installed in a wire will cause a cracking sound, click, or other noise that can be heard on the line

229
Q

In designing a proprietary information protection program, the area of greatest vulnerability is:
A) Personnel files
B) Marketing data
C) Employees
D) Computers

A

C) Employees

230
Q

A nonlinear junction detector is used to locate eavesdropping devices by:
A) Detecting the semiconductor components that comprise their circuits
B) Recording changes in the voltage on a telephone line
C) Measuring the distance from a known point to the indicated location of a telephone line attachment
D) Detecting infrared emissions

A

A) Detecting the semiconductor components that comprise their circuits

231
Q

Which of the following statements is incorrect with regard to an information security program?
A) A good information security program will provide absolute protection against an enemy spy
B) The information security program is an attempt to make theft of sensitive information difficult, not necessarily eliminate it
C) A trust relationship must be established and maintained with employees
D) The good will and compliance of employees is crucial for success

A

A) A good information security program will provide absolute protection against an enemy spy

232
Q

A specially constructed microphone attached directly to an object or surface to be protected and that responds only when the protected object or surface is disturbed is known as a:

A

Contact microphone

233
Q

Social engineering is:
A) The conversation involved in the beginning of a romantic relationship
B) A function of the personnel department in which like persons are teamed together in workshops or seminars for maximum productivity
C) The subtle elicitation of information without revealing the true purpose of the call
D) The specific design of a business structure to facilitate the interaction of the inhabitants

A

C) The subtle elicitation of information without revealing the true purpose of the call

234
Q

A former employee who had access to your trade secret information is now employed by a competitor and is apparently using the trade secret information to gain market share. There are several serious factors you should consider before you institute litigation in the matter. Which of the following is not a serious factor to be considered?
A) You may have to expose the very secrets you are attempting to protect
B) The cost of litigation may exceed the value of the secret information
C) You may lose a law case
D) Other employees may leave the company and attempt to use the trade secret information in the business of a new employer

A

D) Other employees may leave the company and attempt to use the trade secret information in the business of a new employer

235
Q

Electromagnetic radiation is detectable electromagnetic energy generated by electronic information processing devices. Which of the following is used to protect very sensitive equipment?
A) A current carrier device
B) Pneumatic cavity shielding
C) Tempest shielding
D) Pen register shielding

A

C) Tempest shielding

236
Q

Piracy refers to the illegal duplication and distribution of recordings. Which form is not considered piracy?
A) Pirating
B) Downloading
C) Bootlegging
D) Counterfeiting

A

B) Downloading

237
Q

To prevent cyber crime, it is not a good strategy to:
A) Install a fire protection system
B) Assign passwords or codes
C) Disable unused computer services
D) Update software for improving security

A

A) Install a fire protection system

238
Q

Which federal statute does not protect information and communications systems?
A) USA PATRIOT Act
B) Economic Espionage Act
C) Civil Rights Act
D) Sarbanes-Oxley Act

A

C) Civil Rights Act

239
Q

A trade secret consists of which of the following?
A) Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it
B) Answers A and C
C) It may be a formula for a chemical compound; a process of manufacturing, treating, or preserving materials; or a pattern for a machine or other device
D) A list of customers
E) Answers A, C, and D

A

A) Any formula, pattern, device, or compilation of information that is used in one’s business and that gives that business an opportunity to gain an advantage over competitors who do not know or use it

240
Q

Which of the following are basic elements of trade secrets?
A) It must be secret and not known to others
B) It must be used in the business of the owner of the secret to obtain an advantage
C) There must be continuous or consistent business applications of the secret
D) Answers A and B
E) All of the above

A

D) Answers A and B

241
Q

Which of the following is not a primary distinction between patents and trade secrets?
A) Requirements for obtaining a patent are not specific
B) A much lower level of novelty is required of a trade secret
C) Trade secrets are targets
D) To qualify for a patent, the invention must be more than novel and useful
E) It must represent a positive contribution beyond the skill of the average person
F) Because anyone can purchase a patent, there are no industrial espionage targets in a patented invention

A

A) Requirements for obtaining a patent are not specific

242
Q

Which of the following statements is correct involving proprietary information?
A) All confidential information is proprietary, but not all proprietary information is confidential
B) All proprietary information is not confidential
C) All proprietary information is confidential, but not all confidential information is proprietary
D) All confidential information is proprietary
E) Answers B and D

A

C) All proprietary information is confidential, but not all confidential information is proprietary

243
Q

Which of the following are broad threats to proprietary information?
A) It can be lost through inadvertent disclosure
B) An outsider can deliberately steal it
C) An insider can deliberately steal it
D) Answers B and C
E) Answers A, B, and C

A

E) Answers A, B, and C

244
Q

Which of the following should not be included in an effective proprietary information security program?
A) Designation of appropriate data as insensitive
B) Informing and notifying employees
C) Full utilization of secrecy agreements with employees
D) Providing physical means to protect sensitive data
E) Treating sensitive information as proprietary

A

A) Designation of appropriate data as insensitive

245
Q

The contact microphone is usually a crystal microphone and is normally installed on a common wall adjoining a target area. Which of the following is an advantage of the contact microphone?
A) Signals generated are weak
B) Microphones receive other sounds
C) It is affected by changes in temperature and humidity
D) Answers B and C
E) All of the above

A

E) All of the above

246
Q

What is the best way to protect any type of data?

A

Encrypt it

247
Q

Any information containing which of the following elements is considered to be a valuable asset requiring protection?
A) Production of goods
B) Locating and retaining customers
C) Production services
D) Answers A and B
E) All of the above

A

E) All of the above

248
Q

Which of the following is the most serious threat to trade secrets?
A) Companies
B) Media
C) Employees
D) Customers
E) None of the above

A

C) Employees