IS3230 CHAPTER 5 Flashcards Preview

Flashcards in IS3230 CHAPTER 5 Deck (24):
1

A confirmed event that compromises the confidentiality, integrity, or availability of information is called ___.

BREACH

2

A law that requires a business operating in California to notify customers when it has reason to believe that personal information has been disclosed through unauthorized access is called ___.

CALIFORNIA IDENTITY THEFT STATUTE

3

A federal criminal statute designed to protect electronic data from theft is called ___.

COMPUTER FRAUD AND ABUSE ACT (CFAA)

4

A method of scrambling data for security purposes. Published in 1974, it has since been broken and is no longer considered highly secure. It is called ___.

DATA ENCRYPTION STANDARD (DES) ENCRYPTION

5

A US copyright law that enacts criminal penalties for breaking or distributing technology designed to break digital rights management technologies is called ___.

DIGITAL MILLENNIUM COPYRIGHT ACT (DMCA)

6

Random data that is used as the basis for an encryption algorithm. The randomness of this data provides an additional layer of security to the encryption is called ___.

HASH SALT

7

The method used to store passwords of up to 15 characters in Windows operating systems prior to Windows Vista is called ___.

LAN MANAGER (LM) HASH

8

A challenge-response authentication protocol used by NT servers when using the Server Message Block (SMB) protocol is called ___.

NTLM HASH

9

A comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information. It also describes the measures used to mitigate and, if possible, eliminate identified risks. It is called ___.

PRIVACY IMPACT ASSESSMENT (PIA)

10

An ID badge with an embedded radio frequency identification chip. This chip can store information about the badge holder, such as authentication information and security access levels is called ___.

RADIO FREQUENCY IDENTIFICATION (RFID) BADGES

11

An encrypted password database used in Unix and Linux operating systems is called ___.

SHADOW PASSWORD

12

A group of 188 nations that have signed treaties to protect intellectual property across national borders is called ___.

WORLD INTELLECTUAL PROPERTY ORGANIZATION (WIPO)

13

1. Information security falls strictly under the jurisdiction of federal law--state law does not restrict information security practices.
TRUE OR FALSE

FALSE

14

2. The two primary federal laws that are concerned with information security are the Digital Millennium Copyright Act and the ____.

Computer Fraud and Abuse Act

15

3. Which federal law discussed in the chapter allows civil actions to be brought against individuals who sell passwords?
1. CFAA
2. DMCA
3. DCMA
4. CFFA

CFAA

16

4. Which federal law provides penalties for circumventing digital rights management?
1. CFAA
2. DMCA
3. DCMA
4. CFFA

DMCA

17

5. Which law discussed in the chapter is concerned with preventing identity theft?
1. California Identity Theft Statute
2. Federal Identity Theft Statute
3. Idaho Identity Theft Statute
4. Colorado Identity Theft Statute

California Identity Theft Statute

18

6. Which of the following are effective physical security policies?
1. All physical security must comply with all applicable regulations such as building and fire codes.
2. Access to secure computing facilities will be granted only to individuals with a legitimate business need for access.
3. All secure computing facilities that allow visitors must have an access log.
4. Visitors must be escorted at all times.
5. All the above

ALL THE ANSWERS
1. All physical security must comply with all applicable regulations such as building and fire codes.
2. Access to secure computing facilities will be granted only to individuals with a legitimate business need for access.
3. All secure computing facilities that allow visitors must have an access log.
4. Visitors must be escorted at all times.

19

7. What are the two primary causes of access control failure discussed in the chapter? (More than one may apply)
1. People
2. Planning
3. Technology
4. Implementation
5. Follow-up analysis

People
Technology

20

8. Which of the following are types of security breaches? (Choose all that apply)
1. System exploits
2. DoS attacks
3. PII
4. Eavesdropping
5. Social engineering

System exploits
DoS attacks
Eavesdropping
Social engineering

21

9. Anything from an organization's operating system to its choice of Web browser or instant messaging client could be an access point for unauthorized access to the systems.
TRUE OR FALSE

TRUE

22

10. When should a privacy impact assessment be performed?
1. During the planning stages of a new system
2. After a new system is designed
3. After a new system is implemented
4. After a security breach

During the planning stages of a new system

23

11. The two most common motives for a security breach are monetary gain and ____.

VANDALISM

24

12. A security breach can result in criminal penalties as well as financial losses.
TRUE OR FALSE

TRUE