This study guide provides a comprehensive overview of key concepts in information security fundamentals, covering topics such as vulnerability scanning, risk assessment, security policies, intrusion detection, encryption, and more. It includes multiple-choice questions and answers to help students prepare for their final exam.
A ____________________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software. - ✔✔Passive

A(n) ____________________ analysis is a procedure that compares the current state of a network segment (the systems and services it offers) against a known previous state of that same network segment (the baseline of systems and services). - ✔✔Difference

To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited. - ✔✔True

A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable. _________________________ - ✔✔True

Grounding ensures that the returning flow of current is properly discharged to the ground. _________________________ - ✔✔True

The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication. _________________________ - ✔✔False

In a study on software license infringement, those from the United States were significantly more permissive than those from the Netherlands and other countries. _________________________ - ✔✔False

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online. _________________________ - ✔✔True

Three methods dominate IDPS detection: the ____________________-based approach, the statistical anomaly-based approach, or the stateful packet inspection approach. - ✔✔signature

A(n) ____________________ agency is an agency that provides specifically qualified individuals at the paid request of another company. - ✔✔temp

The Remote ____________________ Dial-In User Service system centralizes the management of user authentication by placing the responsibility for authenticating each user in the central RADIUS server. - ✔✔Authentication

A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm. - ✔✔intrusion

To encipher means to decrypt, decode, or convert ciphertext into the equivalent plaintext. _________________________ - ✔✔False

"Long arm __________" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems whenever it can establish jurisdiction. - ✔✔Statute

The ____________________ tester's ultimate responsibility is to identify weaknesses in the security of the organization's systems and networks and then present findings to the system owners in a detailed report. - ✔✔penetration

The ____________________ cipher simply rearranges the values within a block to create the ciphertext. - ✔✔Transposition

The primary goal of the ____________________ monitoring domain is an informed awareness of the state of all of the organization's networks, information systems, and information security defenses. - ✔✔internal

Best practices in firewall rule set configuration state that the firewall device never allows administrative access directly from the public network. _________________________ - ✔✔True

Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _________________________ - ✔✔False

Planners need to estimate the effort required to complete each task, subtask, or action step. - ✔✔True

____________________ is a firewall type that keeps track of each network connection between internal and

devices. _________________________ - ✔✔False

Originally released as freeware, ____________________ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms as an open-source de facto standard for encryption and authentication of e-mail and file storage. - ✔✔PGP

The architecture of a(n) ____________________ firewall provides a DMZ. - ✔✔Screened Subnet

Some information security experts argue that it is virtually impossible to determine the true value of information and information-bearing assets. - ✔✔True

SESAME, as described in RFC 4120, keeps a database containing the private keys of clients and servers—in the case of a client, this key is simply the client's encrypted password. _________________________ - ✔✔False

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively. - ✔✔True

Software is often created under the constraints of ____________________ management, placing limits on time, cost, and manpower. - ✔✔project

The Internet brought ____________________ to virtually all computers that could reach a phone line or an Internet-connected local area network. - ✔✔connectivity

A(n) ____________________ or cryptosystem is an encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption. - ✔✔cipher

Managerial directives that specify acceptable and unacceptable employee behavior in the workplace are known as __________. - ✔✔Policies

During the ____________________ War, many mainframes were brought online to accomplish more complex and sophisticated tasks, so it became necessary to enable the mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers. - ✔✔Cold

"Builders" in the field of information security provide day-to-day systems monitoring and use to support an organization's goals and objectives. - ✔✔False

The project planner should describe the skills or personnel, often referred to as a(n) ____________________, needed to accomplish a task. - ✔✔resource

The Secret Service is charged with safeguarding the nation's financial infrastructure and payments systems to preserve the integrity of the economy. - ✔✔True

The ____________________ component of the IS comprises applications, operating systems, and assorted command utilities. - ✔✔software

A(n) ____________________ is a potential risk to an information asset.

subsequently visit those sites become infected. - ✔✔True

ESD is the acronym for electrostatic ____________________. - ✔✔False

The combination of an asset's value and the percentage of the asset that might be lost in an attack is known as the loss ____________________. - ✔✔magnitude

The __________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security. - ✔✔Freedom of information

Hackers are "persons who access systems and information without authorization and often illegally." _________________________ - ✔✔True

A(n) ____________________ dialer is an automatic phone-dialing program that dials every number in a configured range and checks to see if a person, answering machine, or modem picks up. - ✔✔war

Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore a ____________________ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan. - ✔✔Cost Benefit Analysis

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _________________________ - ✔✔True

Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is __________. - ✔✔Education

The primary objective of the planning and ____________________ domain is to keep a lookout over the entire information security program. - ✔✔risk assessment

To achieve balance — that is, to operate an information system that satisfies the user and the security professional — the security level must allow reasonable access, yet protect against threats. - ✔✔True

_____________________ departures include resignation, retirement, promotion, or relocation. - ✔✔Friendly

The threats-vulnerabilities-assets (TVA) worksheet is a document that shows a comparative ranking of prioritized assets against prioritized threats, with an indication of any vulnerabilities in the asset/threat pairings. - ✔✔True

Certifications are designed to recognize ____________________ in their respective fields. - ✔✔experts

A computer virus consists of segments of code that perform ____________________ actions. - ✔✔malicious

The science of encryption is known as ____________________. - ✔✔Cryptography

In the context of information security, ____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. - ✔✔social engineering

The static packet filtering firewall can react to an emergent event and update or create rules to deal with that event. _________________________ - ✔✔False

Tracking compliance involves assessing the status of the program as indicated by the database information and mapping it to goals established by the agency. _________________________ - ✔✔True

____________________ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than in accomplishing meaningful project work. - ✔✔Projectitis

____________________ is the process of assigning financial value or worth to each information asset. - ✔✔asset valuation

The level of resistance to ____________________ impacts the ease with which an organization is able to implement the procedural and managerial changes. - ✔✔change

Threats cannot be removed without requiring a repair of the vulnerability. - ✔✔False

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. _________________________ - ✔✔True

An e-mail virus involves sending an e-mail message with a modified field. - ✔✔False

A message ____________________ is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message. - ✔✔digest

Under the guise of justice, some less scrupulous administrators may be tempted to ____________________, or hack into a hacker's system to find out as much as possible about the hacker.