Software is often created under the constraints of ________ management, placing limits on time, cost, and manpower.
project
The Internet brought ________ to virtually all computers that could reach a phone line or an Internet-connected local area network.
connectivity
Much of the early research on computer security centered on a system called Management Information and Computing Service (MULTICS). _______
True
False
False
Of the two approaches to information security implementation, the top-down approach has a higher probability of success. _______
True
False
True
An information system is the entire set of __________, people, procedures, and networks that enable the use of information resources in the organization.
data
software
All of the above
hardware
All of the above
Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n) _________.
threat
The ________ of information is the quality or state of ownership or control of some object or item.
possession
During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
True
False
True
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
True
False
True
Which of the following is a valid type of role when it comes to data ownership?
Data owners
Data custodians
All of the above
Data users
All of the above
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, often referred to as the bottom-up approach. _______
True
False
True
According to the CNSS, networking is "the protection of information and its critical elements." _______
True
False
False
The ________ component of an information system comprises applications, operating systems, and assorted command utilities.
software
Using a methodology will usually have no effect on the probability of success.
True
False
False
________ enables authorized users—people or computer systems—to access information without interference or obstruction and to receive it in the required format.
Availability
A technique used to compromise a system is known as a(n) ___________.
access method
risk
exploit
asset
exploit
The probability of an unwanted occurrence, such as an adverse event or loss, is known as a(n) _________.
risk
During the early years, information security was a straightforward process composed predominantly of ________ security and simple document classification schemes.
physical
When unauthorized individuals or systems can view information, confidentiality is breached. _______
True
False
True
Every organization, whether public or private and regardless of size, has information it wants to protect. ______
True
False
True
To achieve balance—that is, to operate an information system that satisfies the user and the security professional—the security level must allow reasonable access, yet protect against threats.
True
False
True
Individuals who are assigned the task of managing a particular set of information and coordinating its protection, storage, and use are known as data __________.
users
owners
custodians
trustees
trustees
A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.
True
False
False
The role of the project manager—typically an executive such as a chief information officer (CIO) or the vice president of information technology (VP-IT)—in this effort cannot be overstated. _______
True
False
False
Information security can be an absolute.
True
False
False
Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _______
True
False
True
RAND Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security. ______
True
False
True
Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects. _______
True
False
False
A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas. _______
True
False
True
Hardware is often the most valuable asset possessed by an organization, and it is the main target of intentional attacks.
True
False
False
A computer is the __________ of an attack when it is used to conduct an attack against another computer.
object
facilitator
subject
target
subject
A computer is the ________ of an attack when it is the entity being targeted.
object
A(n) ________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
community of interest
________ of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.
Authenticity
E-mail spoofing involves sending an e-mail message with a harmful attachment.
True
False
False
The history of information security begins with the concept of communications security. ______
True
False
False
Confidentiality ensures that only those with the rights and privileges to access information are able to do so. _______
True
False
True
The famous study entitled "Protection Analysis: Final Report" focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.
maintenance hooks
bugs
malware
vulnerabilities
vulnerabilities
__________ is a network project that preceded the Internet.
DES
FIPS
ARPANET
NIST
ARPANET
The bottom-up approach to information security has a higher probability of success than the top-down approach.
True
False
False
The CNSS model of information security evolved from a concept developed by the computer security industry known as the ________ triad.
C.I.A.
A frequently overlooked component of an information system, ________ are the written instructions for accomplishing a specific task.
procedures
Information has ________ when it is whole, complete, and uncorrupted.
integrity
Network security focuses on the protection of physical items, objects, or areas from unauthorized access and misuse.
True
False
False
Which of the following was not an identified fundamental problem with ARPANET security?
lack of safety procedures for dial-up connections
nonexistent user identification and authorizations
phone numbers for access were closely held and distributed on a need-to-know basis
vulnerability of password structure and formats
phone numbers for access were closely held and distributed on a need-to-know basis
The protection of tangible items, objects, or areas from unauthorized access and misuse is known as ___________.
information security
network security
physical security
communications security
physical security
The history of information security begins with the concept of ________ security.
computer
The possession of information is the quality or state of having value for some purpose or end.
True
False
False
A(n) hardware system is the entire set of people, procedures, and technology that enable business to use information. _______
True
False
False
In an organization, the value of ________ of information is especially high when it involves personal information about employees, customers, or patients.
confidentiality
An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________.
asset
access method
risk
exploit
asset
Individuals who control, and are therefore ultimately responsible for, the security and use of a particular set of information are known as data __________.
trustees
custodians
users
owners
owners
__________ of information is the quality or state of being genuine or original.
Spoofing
Confidentiality
Authenticity
Authorization
Authenticity
Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. _______
True
False
True
A subject or object's ability to use, manipulate, modify, or affect another subject or object is known as ___________.
risk
assets
exploits
access
access
During the ________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks, so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
Cold
When a computer is the subject of an attack, it is the entity being attacked.
True
False
False
A server would experience a(n) __________ attack when a hacker compromises it to acquire information via a remote location using a network connection.
indirect
direct
hardware
software
direct
The senior technology officer is typically the chief ________ officer.
information
In 1993, the first ______ conference was held in Las Vegas. Originally, it was established as a gathering for people interested in information security, including authors, lawyers, government employees, and law enforcement officials.
World Security
DEFCON
Black Hat
CyberCom
DEFCON
The roles of information security professionals focus on protecting the organization's information systems and stored information from attacks.
True
False
True
The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________.
physical security
communications security
network security
information security
information security
A potential weakness in an asset or its defensive control system(s) is known as a(n) _________.
vulnerability
__________ has become a widely accepted evaluation standard for training and education related to the security of information systems and is hosted by CNSS.
ISO 17788
NSTISSI No. 4011
IEEE 802.11(g)
NIST SP 800-12
NSTISSI No. 4011
People with the primary responsibility for administering the systems that house the information used by the organization perform the role of ____.
End users
Security professionals
Security policy developers
System administrators
System administrators
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
result
smashing
code
hash
hash
__________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
Physical
Personal
Standard
Object
Physical
The community of interest made up of IT managers and skilled professionals in systems design, programming, networks, and other related disciplines is called ______.
Executive Management
Information Security Management and Professionals
Organizational Management and Professionals
Information Technology Management and Professionals
Information Technology Management and Professionals
The ______ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
CTO
CISO
CIO
ISO
CISO
__________ was the first operating system to integrate security as one of its core functions.
DOS
UNIX
ARPANET
MULTICS
MULTICS
A breach of possession may not always result in a breach of confidentiality.
True
False
True
The value of information comes from the characteristics it possesses.
True
False
True
The ______ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.
FTP
WWW
TCP
HTTP
TCP
Much human error or failure can be prevented with effective training and ongoing awareness activities.
True
False
True
One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver with excessive quantities of e-mail. ______
True
False
False
In the ______ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
sniff-in-the-middle
server-in-the-middle
man-in-the-middle
zombie-in-the-middle
man-in-the-middle
A(n) ______ is a malicious program that replicates itself constantly without requiring another program environment.
worm
A worm requires that another program is running before it can begin functioning.
True
False
False
Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.
True
False
True
When information gatherers employ techniques that cross a legal or ethical threshold, they are conducting ______.
industrial espionage
competitive intelligence
opposition research
hostile investigation
industrial espionage
Once a(n) back door has infected a computer, it can redistribute itself to all e-mail addresses found on the infected system. ______
True
False
False
When information gatherers employ techniques in a commercial setting that cross the threshold of what is legal or ethical, they are conducting industrial ______.
espionage
A momentary low voltage is called a(n) ______.
sag
Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. ______
True
False
True
The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack. ______
True
False
False
The information security function in an organization safeguards its technology assets.
True
False
True
The macro virus infects the key operating system files located in a computer's start-up sector. ______
True
False
False
A long-term interruption (outage) in electrical power availability is known as a(n) ______.
fault
brownout
sag
blackout
blackout
A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
True
False
True
One form of online vandalism is ______ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
cyberhack
hackcyber
phreak
hacktivist
hacktivist
Two watchdog organizations that investigate allegations of software abuse are the Software & Information Industry Association (SIIA) and National Security Agency (NSA).
True
False
False
Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.
True
False
False
Advance-Fee fraud is an example of a ______ attack.
social engineering
spam
virus
worm
social engineering
______ is a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.
Spoofing
A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket sniffer. ______
True
False
False
______ is unsolicited commercial e-mail.
Spam
Packet munchkins use automated exploits to engage in distributed denial-of-service attacks. ______
True
False
False
The expert hacker sometimes is called a(n) ______ hacker.
elite
Suppose an act of theft performed by a hacker was accompanied by defacement actions to delay discovery. The first act is obviously in the category of "theft" but the second act is another category—in this case it is a "force of nature."
True
False
False
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) longer than ______ characters in Internet Explorer 4.0, the browser will crash.
256
512
128
64
256