Shared Flashcard Set

Details

Intro to Information Security
Chapter One Review Questions
50
Computer Networking
06/07/2012

Cards

Term
Access is ____________________.
Definition
a subject or an object's ability to use, manipulate, modify or affect another subject or object
Term
A threat is __________________.
Definition
a category of objects, persons, or other entities that represents a danger to an asset
Term
Vulnerability is ______________.
Definition
a weakness or fault in a system or protection mechanism
Term
What are the three components of the C.I.A triangle?
Definition
Integrity, Confidentiality, Availability
Term
In Information Security, accuracy is the quality or state of being genuine or original.
Definition
False (authenticity)
Term
In Information Security, Integrity is when information is whole, complete, and uncorrupted.
Definition
True
Term
Each of the following is a component of an Information System except ________________.
A) software
B) data
C) analysis
D) networks
Definition
analysis
Term
Each of the following is a phase of a Security System Development Life Cycle except _________.
A) investigation
B) analysis
C) implementation
D) management
Definition
management
Term
Which one of the following is NOT an advantage of the bottom-up approach of the implementation of Information Security?
A) Technical expertise
B) Participant support
C) Knowledge that can improve the development
D) Understanding of threats
Definition
B) Participant support
Term
Which one of the following is NOT an advantage of the top-down approach of the implementation of Information Security?
A) Upper-management support
B) Dedicated fund
C) Dedicated champion
D) Technical expertise
Definition
D) Technical expertise (Correct)
Term
Data custodians are responsible for storage, maintenance, and protection of the information.
Definition
True
Term
Which one of the following is not a member of an Information Security Project Team?
A) Champion
B) Risk assessment specialists
C) End users
D) Everybody
Definition
D) Everybody
Term
A community of interest is a group of individuals who are united by similar interests or values within an organization.
Definition
True
Term
Who has primary responsibility for the assessment, management, and implementation of information security in the organization?
Definition
CISO
Term
Which one of the following sentences is NOT true?
A) Information security is an art.
B) Information security is a science.
C) Information security is technology only.
D) Information security is a social science.
Definition
C) Information security is technology only.
Term
Information Security is an art and science.
Definition
True
Term
Confidentiality is ________________.
Definition
when information is protected from disclosure or exposure to unauthorized individuals or systems
Term
Operations security is used to protect which of the following?
A) The individual or group of individuals who are authorized to access the organization and its operations.
B) Physical items, objects, or areas from unauthorized access and misuse.
C) The details of a particular operation or series of activities.
D) The networking components, connections, and contents.
Definition
C) The details of a particular operation or series of activities.
Term
Phishing is when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization.
Definition
True
Term
Availability is the quality or state of ownership or control.
Definition
False (Possession)
Term
____ was the first and only operating system created with security as its primary goal.
Definition
MULTICS
Term
Which of the following phases is the longest and most expensive phase of the systems development life cycle?
Definition
Maintenance and Change
Term
A breach of possession always results in a breach of confidentiality.
Definition
False (A breach in confidentiality always results in a breach in possession)
Term
The possession of information is the quality or state of having value for some purpose or end.
Definition
False (Utility)
Term
A champion is a project manager, who may be a departmental line manager or staff unit manager, who understands project management, personnel management, and information security technical requirements.
Definition
False (Team Leader)
Term
The SDLC process may be initiated in response to specific conditions or combinations of conditions.
Definition
True
Term
In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed — but eventually the employee gets the whole thing.
Definition
True
Term
The ____ model consists of 6 general phases.
Definition
waterfall
Term
A methodology increases the probability of success.
Definition
True
Term
The most successful kind of top-down approach involves a formal development strategy referred to as a(n) ____.
Definition
systems development life cycle
Term
Organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but the confidence of the consumer in their product.
Definition
security
Term
The ____ is a methodology for the design and implementation of an information system in an organization.
Definition
SDLC
Term
____ of information is the quality or state of being genuine or original.
Definition
Authenticity
Term
The physical design is the blueprint for the desired solution.
Definition
False (Logical Design)
Term
Applications systems developed within the framework of the traditional SDLC are designed to anticipate a vicious attack that would require some degree of application reconstruction.
Definition
False
Term
Network security focuses on the protection of the details of a particular operation or series of activities.
Definition
False
Term
____ is the origin of today’s Internet.
Definition
ARPANET
Term
The bottom-up approach to information security has a higher probability of success than the top-down approach.
Definition
False
Term
Key end users should be assigned to a developmental team, known as the united application development team.
Definition
False
Term
A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.
Definition
True
Term
The primary threats to security during the early years of computers were physical theft of equipment, espionage against the products of the systems, and sabotage.
Definition
True
Term
Of the two approaches to information security implementation, the top-down approach has a higher probability of success.
Definition
True
Term
Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
Definition
False (Data)
Term
____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
Definition
Physical
Term
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems. This is often referred to as a bottom-up approach.
Definition
True
Term
A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
Definition
True
Term
Part of the Logical Design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs.
Definition
Incident response
Term
____ presents a comprehensive model for information security and is becoming the evaluation standard for the security of information systems.
Definition
NSTISSI No. 4011
Term
The value of information comes from the characteristics it possesses.
Definition
True
Term
A computer is the ____ of an attack when it is used to conduct the attack.
Definition
Subject