1. Each of the following is a reason why it is difficult to defend against today’s attackers except _____________.
C. complexity of attack tools
2. A(n) _____ attack takes advantage of vulnerabilities that have not been previously revealed.
A. zero day
3. _____ ensures that only authorized parties can view the information.
C. Confidentiality
4. Each of the following is a successive layer in which information security is achieved except _________________.
D. Intrusion Wormhole Defense (IWD)
5. A(n) _____ is a person or thing that has the power to carry out a threat.
B. threat agent
6. Each of the following is a goal of information security except __________.
B. Decrease user productivity
7. The _____ requires that enterprises must guard protected health information and implement policies and procedures to safeguard it.
A. Health Insurance Portability and Accountability Act (HIPAA)
8. Utility companies, telecommunications, and financial services are considered prime targets of _____ because attackers can significantly disrupt business and personal activities by destroying a few targets.
A. cyberterrorists
9. After an attacker has probed a computer or network for information, she would next ________.
B. penetrate any defenses
10. An organization that purchased security products from different vendors, so that an attacker who circumvented the Brand A device would have more difficulty breaking through a different Brand B device, is an example of ________.
D. diversity
11. _____ is a superset of information security and includes security issues that do not involve computers.
C. Information assurance (IA)
12. _____ attacks come from multiple sources instead of a single source.
13. _____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
A. Cybercriminals
14. Each of the following is a characteristic of cybercriminals except ________.
A. low motivation
15. Each of the following is a characteristic of cybercrime except ________.
D. exclusive use of worms and viruses
16. An example of a(n) _____ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password.
A. vulnerability
17. _____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper records containing personally identifiable financial information.
D. Gramm-Leach-Bliley Act (GLBA)
18. The term _____ is commonly used in a generic sense to identify anyone who illegally breaks into a computer system.
A. hacker
19. An example of _____ would be not revealing the type of computer, operating system, software, and network connection a computer uses.
C. obscurity
20. The _____ is primarily responsible for assessment, management, and implementation of security.
1. A(n) _____ is a program that secretly attaches itself to a carrier such as a document or program and then executes when that document is opened or program is launched.
A. virus
2. The first action that a virus takes once it infects a computer is to _____.
D. replicate
3. Each of the following is a different type of computer virus except
B. remote virus
4. A computer program that pretends to clean up a hard drive but actually performs a malicious activity is known as a(n)
A. Trojan
5. To remove a rootkit from a computer you should
C. reformat the hard drive and reinstall the operating system
6. Each of the following could be a logic bomb except
C. Send spam to all employees
7. _____ is a technique used by spammers to horizontally separate words so they are not trapped by a filter yet can still be read by the human eye.
A. Word splitting
8. _____ is an image spam that is divided into multiple images and each piece of the message is divided and then layered to create a complete and legible message.
A. GIF layering
9. _____ is a general term used for describing software that violates a user’s personal security.
D. Spyware
10. A(n) _____ is either a small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.
A. keylogger
11. Attackers use _____ to remotely control zombies.
D. Internet Relay Chat (IRC)
12. On modern computer systems the BIOS is stored on a _____ chip.
13. Each of the following is an advantage of a USB device except
A. slower speed
14. _____ is a single, dedicated hard disk-based file storage device that provides centralized and consolidated disk storage that is available to users through a standard network connection.
B. Network Attached Storage (NAS)
15. Each of the following is an attack that can be used against cell phones except
D. Turn off the cell phone
16. The ability to move a virtual machine from one physical computer to another with no impact on users is called ____.
D. live migration
17. The _____ is the software that runs on a physical computer and manages multiple virtual machine operating systems.
B. hypervisor
18. _____ is exploiting a vulnerability in the software to gain access to resources that the user would normally be restricted from obtaining.
D. Privilege escalation
19. Each of the following is a reason why adware is scorned except
D. It displays the attacker’s programming skills
20. An attacker who controls multiple zombies in a botnet is known as a(n)
1. A(n) _____ is a general software security update intended to cover vulnerabilities that have been discovered.
C. patch
2. Each of the following is an advantage of an automated patch update service except
A. Users can download the patch immediately when it is released
3. Attackers use buffer overflows to
A. point to another area in data memory that contains the attacker’s malware code
4. The Windows feature _____ will not allow code located in a data area of memory to be executed.
D. Data Execution Prevention (DEP)
5. Each of the following is a step that most security organizations take to configure operating system protection except
D. Deploy nX randomization
6. A cookie that was not created by the Web site that attempts to access it is called a(n)
C. third-party cookie
7. _____ resides inside an HTML document
B. JavaScript
8. A Java applet _____ is a barrier that surrounds the applet to keep it away from resources on the local computer.
B. sandbox
9. Address Space Layout Randomization (ASLR) randomly assigns _____ to one of several possible locations in memory.
A. executable operating system code
10. The TCP/IP protocol _____ handles outgoing mail.
B. Simple Mail Transfer Protocol (SMTP)
11. Instant Messaging (IM) connects two systems
B. directly without using a server
12. With a(n) _____ network users do not search for a file but download advertised files.
13. Another name for antivirus definition files is
A. signature files
14. The preferred location for a spam filter is
A. on the SMTP server
15. A(n) _____ is a list of pre-approved e-mail addresses that the user will accept mail from.
C. whitelist
16. Another name for a packet filter is a(n)
A. firewall
17. A(n) _____ works on the principle of comparing new behavior against normal behavior.
A. Host Intrusion Detection System (HIDS)
18. A(n) _____ is a cumulative package of all security updates plus additional features.
A. service pack
19. A(n) _____ is a method to configure a suite of configuration baseline security settings.
A. security template
20. A(n) _____ is a program that does not come from a trusted source.
1. A network tap____________________.
B. is a separate device that can be installed between other network devices to monitor traffic
2. Each of the following is a characteristic of a weak password except_________.
C. a password that is long
3. A(n) _____ is an account on a device that is created automatically to aid in installation and should be deleted once that is completed.
A. default account
4. A(n) _____ attack attempts to consume network resources so that the devices cannot respond to legitimate requests.
B. Denial of service
5. Wireless denial of service attacks are successful because wireless LANs use the protocol ________.
A. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
6. A man-in-the-middle attack_________________.
B. intercepts legitimate communication and forges a fictitious response
7. The difference between a replay attack and a man-in-the-middle attack is________.
B. a replay attack makes a copy of the transmission before sending it to the recipient
8. An example of an antiquated protocol that has been replaced by a more secure version is ________.
A. Simple Network Management Protocol (SNMP) Version 2
9. Where does the TCP/IP host table name system for a local device store a symbolic name to Internet Protocol address mappings?
B. In a local hosts file
10. Attackers take advantage of Domain Name System _____ to send fraudulent DNS entries.
D. zone transfers
11. The set of security extensions to the Domain Name System, supported by the Berkeley Internet Name Domain (BIND) software, is ______.
D. DNSSEC
12. _____ is used for Ethernet local area networks to resolve Internet Protocol addresses.
13. An attack that takes advantage of the order of arrival of TCP packets is_______.
D. TCP/IP hijacking
14. War driving exploits _____, which is the wireless access point sending out information about its presence and configuration settings.
B. beaconing
15. A group of Bluetooth piconets in which connections exist between different piconets is called a(n)__________.
A. scatternet
16. _____ is the unauthorized access of information from a wireless device through a Bluetooth connection.
D. Blue snarfing
17. In a(n) _____ attack the attacker overflows a switch’s address table with fake media access control (MAC) addresses and makes the switch act like a hub, sending packets to all devices.
A. switch flooding
18. A back door can be created by each of the following except______________.
C. spam
19. Using _____, an attacker attempts to gather information to map the entire internal network of the organization supporting the DNS server.
A. DNS transfer
20. Each of the following could be the result of an ARP poisoning attack except________.
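The following is an added example for review questions 12, 17 and 20 above (ARP, switch flooding and ARP poisoning); it is not from the original page. It runs a small ARP cache-poisoning detector over constructed ARP reply records and shows the victim-side effect of accepting every reply. The event tuples are constructed for illustration, and the "requested" flag (whether the collector saw a matching ARP request) is an assumption about what the collector provides; a real deployment would read a packet capture or the host's ARP table.

```python
"""ARP cache-poisoning detector run over constructed ARP reply records.

Added example, not from the original page. The 'requested' flag is an assumed
collector feature: did we see an ARP request that this reply answers?
"""
from collections import defaultdict

# (timestamp, sender_ip, sender_mac, is_reply, requested) -- constructed sample
ARP_EVENTS = [
    (1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01", True, True),   # gateway answers a request
    (2.0, "10.0.0.7", "aa:aa:aa:aa:aa:07", True, True),   # ordinary host
    (3.0, "10.0.0.1", "de:ad:be:ef:00:99", True, False),  # unsolicited: gateway now "is" a new MAC
    (4.0, "10.0.0.9", "de:ad:be:ef:00:99", True, False),  # same MAC also claims another IP
    (5.0, "10.0.0.1", "aa:aa:aa:aa:aa:01", True, True),   # real gateway answers again: flapping
]


def analyze_arp(events, static_map=None):
    """Return a list of (timestamp, alert_type, subject, detail) tuples.

    static_map pins IP -> expected MAC for hosts you never want remapped
    (gateway, DNS, DHCP); a mismatch there is the strongest signal.
    """
    static_map = static_map or {}
    last_mac = {}                    # ip -> MAC from the most recent reply
    ips_for = defaultdict(set)       # mac -> every IP it has claimed
    alerts = []
    for ts, ip, mac, is_reply, requested in events:
        if not is_reply:
            continue
        if ip in static_map and static_map[ip] != mac:
            alerts.append((ts, "static-mismatch", ip, mac))
        if not requested:
            # Gratuitous/unsolicited replies are how a poisoner seeds victims' caches.
            alerts.append((ts, "unsolicited-reply", ip, mac))
        prev = last_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append((ts, "mac-changed", ip, f"{prev}->{mac}"))
        last_mac[ip] = mac
        ips_for[mac].add(ip)
        if len(ips_for[mac]) > 1:
            # One interface answering for several IPs: a man-in-the-middle in progress.
            alerts.append((ts, "mac-claims-multiple-ips", mac, sorted(ips_for[mac])))
    return alerts


def poisoned_cache(events):
    """Victim-side effect: the cache as a naive host holds it after accepting
    every reply. Traffic for any remapped IP now goes to the attacker's MAC."""
    cache = {}
    for _, ip, mac, is_reply, _ in events:
        if is_reply:
            cache[ip] = mac
    return cache


if __name__ == "__main__":
    for alert in analyze_arp(ARP_EVENTS, {"10.0.0.1": "aa:aa:aa:aa:aa:01"}):
        print(alert)
    print(poisoned_cache(ARP_EVENTS[:4]))
```

The "mac-changed" alert alone is noisy on networks with DHCP churn or failover pairs, so the detector also reports the two stronger signals: a reply nobody asked for, and a single MAC answering for more than one IP. Pinning the gateway in static_map is the cheapest way to turn the attack into a hard failure rather than a heuristic.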
1. Subnetting ____________________.
B. is also called subnet addressing
2. A virtual LAN (VLAN) allows devices to be grouped _____________.
A. logically
3. Convergence combines voice, data, and video traffic ____________.
A. over a single IP network
4. Each of the following is a convergence security vulnerability except __________.
A. convergence resource attacks (CRA)
5. Which of the following is not true regarding a demilitarized zone (DMZ)?
A. It contains servers that are only used by internal network users
6. Network address translation (NAT) _________________.
C. removes private addresses when the packet leaves the network
7. Each of the following is a variation available in network access control (NAC) implementations except ____________.
C. Network or local
8. Another name for a packet filter is a(n) __________________.
B. firewall
9. The _____ establishes the action that a firewall takes on a packet.
B. rule base
10. A(n) _____ intercepts internal user requests and then processes that request on behalf of the user.
A. proxy server
11. A reverse proxy _________________.
B. routes incoming requests to the correct server
12. A honeypot is used for each of the following except ____________.
B. filter packets before they reach the network
13. A(n) _____ watches for attacks but only takes limited action when one occurs.
14. A multipurpose security appliance integrated into a router is known as a(n) _______.
B. integrated network security hardware device
15. Each of the following can be used to hide information about the internal network except ______.
D. protocol analyzer
16. The difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS) is ___________.
C. a NIPS can take extended actions to combat the attack
17. A variation of NAT that is commonly found on home routers is _______.
B. Port address translation (PAT)
18. If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by _______.
A. Address Resolution Protocol (ARP) poisoning
19. Each of the following is an option in a firewall rule base except _______.
A. delay
20. A firewall using _____ is the most secure type of firewall.
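The following is an added example for review questions 9 and 19 above (the rule base and its action options), and for the implicit-deny principle that appears in the access control chapter; it is not from the original page. It evaluates packets against a first-match rule base that ends in an implicit deny, and shows how placing a broad allow rule too early silently defeats a later reject rule. The DMZ host, the LAN range, the rules and the sample packets are all constructed; "reject" (drop and notify the sender) versus "deny" (drop silently) is the usual distinction, but exact option names vary by product.

```python
"""First-match packet-filter rule base with an implicit deny at the end.

Added example, not from the original page. Addresses, rules and packets are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow", "deny" (silent drop) or "reject" (drop + notify)
    proto: str                        # "tcp", "udp", "icmp" or "any"
    src: str                          # CIDR network
    dst: str                          # CIDR network
    dport: Optional[Tuple[int, int]]  # inclusive port range, None = any port


# Constructed: a DMZ web server at 203.0.113.10 and an internal LAN 192.168.10.0/24.
RULE_BASE = [
    Rule("allow",  "tcp", "0.0.0.0/0",       "203.0.113.10/32", (443, 443)),
    Rule("allow",  "tcp", "0.0.0.0/0",       "203.0.113.10/32", (80, 80)),
    Rule("reject", "tcp", "0.0.0.0/0",       "203.0.113.10/32", (22, 22)),   # notify, not just drop
    Rule("allow",  "any", "192.168.10.0/24", "0.0.0.0/0",       None),       # LAN outbound
    # No final rule: anything unmatched hits the implicit deny in evaluate().
]

# The same rules with a careless "allow all TCP to the web server" placed first.
MISORDERED = [Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", None)] + RULE_BASE


def _matches(rule, pkt):
    if rule.proto not in ("any", pkt["proto"]):
        return False
    if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None:
        port = pkt.get("dport")           # ICMP packets carry no port
        if port is None or not rule.dport[0] <= port <= rule.dport[1]:
            return False
    return True


def evaluate(rule_base, pkt):
    """Return (action, index of the matching rule); index None means the
    implicit deny fired because no explicit rule matched."""
    for i, rule in enumerate(rule_base):
        if _matches(rule, pkt):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    ssh = {"proto": "tcp", "src": "198.51.100.5", "dst": "203.0.113.10", "dport": 22}
    print("correct order:", evaluate(RULE_BASE, ssh))   # ('reject', 2)
    print("misordered:   ", evaluate(MISORDERED, ssh))  # ('allow', 0)
```

The returned rule index is worth logging in a real filter: when an audit asks why a packet was allowed, "rule 0" in the misordered base points straight at the offending entry, and "None" tells you the implicit deny did the work rather than any rule an administrator wrote.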
1. The amendment to add 5.5 Mbps and 11 Mbps to the IEEE 802.11 standard is ______.
B. IEEE 802.11b
2. Access to the wireless network can be restricted by _______.
A. MAC address filtering
3. The cyclic redundancy check (CRC) is also called the _______.
A. integrity check value (ICV)
4. A wireless network requires that the _____ be authenticated first.
C. wireless device
5. The Service Set Identifier (SSID) _____.
A. serves as the network name for a WLAN
6. The optional authentication method that forces the wireless device to encrypt challenge text using its WEP encryption key is known as _____.
B. shared key authentication
7. Each of the following is a weakness of open system authentication except _______.
D. open system authentication requires an authentication server
8. The weakness of WEP is that _____.
D. the initialization vectors (IVs) are repeated
9. The two models for personal wireless security developed by the Wi-Fi Alliance are Wi-Fi Protected Access (WPA) and _____.
D. Wi-Fi Protected Access 2 (WPA2)
10. The _____ replaces the cyclic redundancy check (CRC) and is designed to prevent an attacker from capturing, altering, and resending a data packet.
A. Message Integrity Check (MIC)
11. The IEEE standard for wireless security is known as _____.
C. IEEE 802.11i
12. A(n) _____ is designed to verify the authentication of wireless devices using IEEE 802.1x.
13. Wireless switches are used in conjunction with _____ for increased security by moving security features to the switch.
D. thin access points
14. Separate _____ can be used to support low-security guest Internet access and high-security administrators on the same access point.
A. wireless virtual local area networks (VLANs)
15. Each of the following can be used to monitor airwaves for traffic except a(n) _____.
C. resource monitor probe
16. A WEP key that is 128 bits in length _____ .
A. has an initialization vector that is the same length as a WEP key of 64 bits
17. For a SOHO the best security model would be the _____.
D. Wi-Fi Protected Access 2 Personal Security model
18. Preshared key (PSK) authentication requires that the encryption key _____.
A. must be entered on all devices prior to wireless communication occurring
19. _____ stores information from a device on the network so if a user roams away from a wireless access point and later returns, he does not need to re-enter all of the credentials.
A. Key-caching
20. The _____ model is designed for medium to large-size organizations in which an authentication server is available.
1. A user entering her username would correspond to the _____ action in access control.
A. identification
2. Access control can be accomplished by each of the following except ______.
A. resource management
3. A process functioning on behalf of the user that attempts to access a file is known as a(n) _______.
B. subject
4. The individual who periodically reviews security settings and maintains records of access by users is called the _____.
B. custodian
5. In the _____ model, the end user cannot change any security settings.
B. Mandatory Access Control
6. Rule Based Access Control _____.
A. dynamically assigns roles to subjects based on rules
7. Separation of duties requires that _____.
C. processes should be divided between two or more individuals
8. _____ in access control means that if a condition is not explicitly met then it is to be rejected.
A. Implicit deny
9. A(n) _____ is a set of permissions that is attached to an object.
C. access control list (ACL)
10. _____ is a Microsoft Windows feature that provides centralized management and configuration of computers and remote users who are using Active Directory.
D. Group Policy
11. Which of the following is NOT a characteristic of a brute force attack?
A. They are faster than dictionary attacks.
12. _____ create a large pre-generated data set of hashes from nearly every possible password combination.
D. Rainbow tables
13. Which of the following is NOT a password policy defense against an attacker stealing a Windows password file?
C. Disable all necessary accounts.
14. The Domain password policy _____ determines the number of unique new passwords a user must use before an old password can be reused.
D. enforce password history
15. A(n) _____ extends a solid metal bar into the door frame for extra security.
D. deadbolt lock
16. A(n) _____ uses buttons that must be pushed in the proper sequence to open the door.
D. cipher lock
17. An ID badge fitted with _____ makes it unnecessary to swipe or scan the badge for entry.
A. radio frequency identification (RFID) tags
18. Using video cameras to transmit a signal to a specific and limited set of receivers is called _____.
C. closed circuit television (CCTV)
19. The least restrictive access control model is _____.
B. Discretionary Access Control (DAC)
20. The principle known as _____ in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function.
1. Determining what a user did on a system is called _____.
D. accounting
2. Which of the following is NOT an authentication method?
C. what a user discovers
3. One-time passwords that utilize a token with an algorithm and a synchronized time setting are known as a(n) __________.
C. time-synchronized OTP
4. Which of the following is a difference between a time-synchronized OTP and a challenge-based OTP?
B. User must enter the challenge into the token with a challenge-based OTP.
5. Keystroke dynamics is an example of what type of biometrics?
A. behavioral biometrics
6. Creating a pattern of when and from where a user accesses a remote Web account is an example of ________.
A. computer footprinting
7. _____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
B. OpenID
8. A RADIUS authentication server requires that the _____ must be authenticated first.
A. supplicant
9. Each of the following makes up the AAA elements in network security except _______.
A. determining user need (analyzing)
10. Each of the following human characteristics can be used for biometric identification except ______.
A. weight
11. _____ biometrics is related to the perception, thought processes, and understanding of the user.
C. Cognitive
12. Using one authentication to access multiple accounts or applications is known as _______.
13. With the development of IEEE 802.1x port security, the authentication server _____ has seen even greater usage.
B. RADIUS
14. A(n) _____ makes a request to join the network.
D. supplicant
15. _____ is an authentication protocol available as a free download and runs on Microsoft Windows Vista, Windows Server 2008, Apple Mac OS X, and Linux.
C. Kerberos
16. The version of the X.500 standard that runs on a personal computer over TCP/IP is_____.
B. LDAP
17. The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as _____.
D. Extensible Authentication Protocol (EAP)
18. Which of the following protocols is the strongest?
A. EAP with Transport Layer Security (EAP-TLS)
19. A user-to-LAN virtual private network connection used by remote users is called a(n) _____.
B. remote-access VPN
20. Endpoints that provide _____ capability require that a separate VPN client application be installed on each device that connects to a VPN server.
1. In information security a(n) _____ is the likelihood that a threat agent will exploit a vulnerability.
C. risk
2. _____ is a systematic and structured approach to managing the potential for loss that is related to a threat.
D. Risk management
3. Each of the following is a step in risk management except ______.
D. attack assessment
4. Which of the following is NOT an asset classification?
D. Logical assets
5. A threat agent _____.
D. is any person or thing with the power to carry out a threat against an asset
6. _____ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur.
D. Threat modeling
7. _____ is a current snapshot of the security of an organization.
D. Vulnerability appraisal
8. The _____ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
D. Exposure Factor (EF)
9. Which of the following is NOT an option for dealing with risk?
B. Eliminate the risk
10. TCP/IP port numbers ________.
C. identify the process that receives the transmission
11. Each of the following is a state of a port that can be returned by a port scanner except _____.
A. busy
12. Each of the following is true regarding TCP SYN port scanning except ______.
C. it uses FIN messages that can pass through firewalls and avoid detection.
13. Network mappers utilize the TCP/IP protocol _____.
14. A protocol analyzer places the computer’s network interface card (NIC) adapter into _____ mode.
B. promiscuous
15. Each of the following is a function of a vulnerability scanner except ______.
D. alert users when a new patch cannot be found
16. Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?
D. It attempts to standardize vulnerability assessments.
17. A UNIX and Linux defense that does not store password hashes in a world-readable file is known as a _________.
A. shadow password
18. _____ is a method of evaluating the security of a computer system or network by simulating a malicious attack.
D. Penetration testing
19. Protocol analyzers can _______.
D. fully decode application-layer network protocols
20. Network mappers _______.
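The following is an added example for review questions 10 through 12 above (port numbers, port states and TCP SYN scanning); it is not from the original page. It parses raw TCP headers, classifies each probed port from the reply a SYN probe receives, and shows why a half-open scan never completes the handshake. The reply headers are built with struct.pack rather than captured, and the scanner's source port is an assumed value.

```python
"""Parse TCP headers and classify port state from the replies to a SYN scan.

Added example, not from the original page. Replies are constructed, not captured.
"""
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
SCANNER_PORT = 40000   # assumed ephemeral source port used by the scanner


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=65535):
    """20-byte TCP header, no options (data offset = 5 words); checksum left 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_tcp_header(raw):
    if len(raw) < 20:
        raise ValueError("short TCP header")
    sport, dport, seq, ack, off, flags, window, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": off >> 4,
        "flags": {name for name, bit in TCP_FLAGS.items() if flags & bit},
    }


def classify_syn_probe(probe_dport, reply):
    """State of one port from the reply to a SYN probe (None = nothing before timeout).

    SYN/ACK -> open, RST -> closed, silence -> filtered (a firewall swallowed it).
    This is a SYN scan: it sends no FIN probes, which is a different technique.
    """
    if reply is None:
        return "filtered"
    hdr = parse_tcp_header(reply)
    if hdr["sport"] != probe_dport or hdr["dport"] != SCANNER_PORT:
        return "unexpected"
    flags = hdr["flags"]
    if {"SYN", "ACK"} <= flags:
        return "open"
    if "RST" in flags:
        return "closed"
    return "unexpected"


def scanner_followup(state):
    """Half-open scan: an open port's SYN/ACK is answered with RST, not ACK, so the
    handshake never completes and the listening application logs no connection."""
    return "RST" if state == "open" else None


def scan(replies):
    """replies: {dport: raw_reply_bytes or None}; returns {dport: state}."""
    return {port: classify_syn_probe(port, reply) for port, reply in replies.items()}


# Constructed replies from one target host to probes on four ports.
REPLIES = {
    22:  build_tcp_header(22, SCANNER_PORT, TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"], seq=1000, ack=1),
    23:  build_tcp_header(23, SCANNER_PORT, TCP_FLAGS["RST"] | TCP_FLAGS["ACK"]),
    80:  build_tcp_header(80, SCANNER_PORT, TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"], seq=2000, ack=1),
    445: None,                                                       # dropped by a firewall
}

if __name__ == "__main__":
    for port, state in scan(REPLIES).items():
        print(port, state, scanner_followup(state))
```

The "filtered" verdict is the one to be careful with: silence means only that no reply arrived before the timeout, which a busy host or a lossy path can also produce, so a scanner normally retransmits before committing to it.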
1. Reviewing a subject’s privileges over an object is known as _____.
A. privilege auditing
2. _____ is the process of assigning and revoking privileges to objects and covers the procedures of managing object authorizations.
A. Privilege management
3. One of the disadvantages of centralized privilege management is that ______.
D. users may have to wait longer for requested changes to security privileges
4. The individual elements or settings within group policies are known as ______.
A. Group Policy Objects (GPOs)
5. _____ is a set of strategies for administering, maintaining, and managing computer storage systems in order to retain data.
D. Information lifecycle management (ILM)
6. _____ assigns a level of business importance, availability, sensitivity, security and regulation requirements to data.
C. Data classification
7. When grouping data into categories, which of the following is NOT a question that is asked of users regarding their use of data?
D. How was it first created?
8. _____ typically involves an examination of which subjects are accessing specific objects and how frequently.
A. Usage auditing
9. When permissions are assigned to a folder, any current subfolders and files within that folder _____.
A. inherit the same permissions
10. GPOs that are inherited from parent containers are processed first followed by _____.
A. the order that policies were linked to a container object
11. Each of the following has contributed to an increase in the number of logs generated except ______.
A. faster network access
12. Each of the following is an example of a security application log except ______.
13. If a firewall log reveals a high number of probes to ports that have no application services running on them, this could indicate ______.
A. attackers are trying to determine if the ports and corresponding applications are already in use
14. A(n) _____ is an occurrence within a software system that is communicated to users or other programs outside the operating system.
C. event
15. Client request and server responses are found in which type of logs?
A. System event logs
16. Each of the following is an advantage to using logs except ______.
D. logs can be useful for identifying user passwords that may have been lost
17. Each of the following is a challenge to log management except ______.
A. single standard for log formats
18. ___ refers to a methodology for making changes and keeping track of those changes, often manually.
A. Change management
19. A group that oversees changes is known as a(n) _______.
A. Change Management Team (CMT)
20. Each of the following is a monitoring mechanism except ______.
1. The areas of a file in which steganography can hide data include all of the following except ______.
D. in the directory structure of the file system
2. Data that is to be encrypted by inputting into an algorithm is called ______.
D. plaintext
3. Each of the following is a basic security protection over information that cryptography can provide except ______.
B. stop loss
4. Proving that a user sent an e-mail message is known as ______.
A. non-repudiation
5. A(n) _____ is never intended to be decrypted but is only used for comparison purposes.
D. digest
6. Each of the following is an example of how hashing is used except ______.
D. encrypting and decrypting e-mail attachments
7. Which of the following is NOT a characteristic of a secure hash algorithm?
D. Collisions should be rare.
8. The data added to a section of text when using the Message Digest (MD) algorithm is called ______.
C. padding
9. Which of the following is a protection provided by hashing?
B. integrity
10. Symmetric cryptographic algorithms are also called ______.
D. private key cryptography
11. Monoalphabetic substitution ciphers and homoalphabetic substitution ciphers are examples of ______.
A. symmetric stream ciphers
12. Which of the following is the strongest symmetric cryptographic algorithm?
C. Advanced Encryption Standard
13. When Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message?
14. A digital signature can provide each of the following benefits except ______.
A. verify the receiver
15. Which of the following asymmetric cryptographic algorithms is the most secure?
A. RSA
16. _____ uses the Windows NTFS file system to encrypt files and folders.
A. Encrypting File System (EFS)
17. The Microsoft Windows BitLocker whole disk encryption cryptography technology can protect each of the following except ______.
D. Domain name system files
18. The Trusted Platform Module (TPM) _____.
C. provides cryptographic services in hardware instead of software
19. Most security experts recommend that _____ be replaced with a more secure algorithm.
A. DES
20. The Microsoft Windows LAN Manager hash ______.
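The following is an added example for review questions 5 through 9 above (digests, hashing and integrity), for the rainbow-table question in the access control chapter and for the Message Integrity Check question in the wireless chapter; it is not from the original page. It shows a digest being compared rather than decrypted, a precomputed hash table recovering an unsalted password and failing against a salted one, and a keyless CRC being recomputed by a tamperer where a keyed MIC is not. The candidate password list, the message and the shared key are constructed; the dict-based table is a stand-in for a rainbow table (a real one stores hash chains to save space, but salts defeat it for the same reason).

```python
"""Digests, salted hashing versus a precomputed lookup table, and a keyed
integrity check versus a bare CRC.

Added example, not from the original page. Inputs are constructed.
"""
import hashlib
import hmac
import os
import zlib


def digest(password: str) -> str:
    """One-way and fixed-length: stored and compared, never decrypted."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute digest -> password for a candidate list. Built once, it is
    reusable against every unsalted hash ever stolen."""
    return {digest(p): p for p in candidates}


def crack_unsalted(stored_digest, table):
    return table.get(stored_digest)


def salted_hash(password: str, salt: bytes = None, iterations: int = 100_000):
    """Per-user random salt plus a slow KDF: the attacker must rebuild the table
    for each salt, and every entry costs `iterations` hash computations."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_salted(password, salt, expected, iterations: int = 100_000):
    _, derived = salted_hash(password, salt, iterations)
    return hmac.compare_digest(derived, expected)   # constant-time comparison


# --- integrity: CRC (no key) versus a keyed MIC ----------------------------------

def crc_tag(msg: bytes) -> int:
    return zlib.crc32(msg)


def mic_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def tamper_with_crc(msg: bytes):
    """Capture, alter, resend: with a keyless CRC the attacker simply recomputes
    the check value over the altered packet and the receiver accepts it."""
    forged = msg.replace(b"amount=100", b"amount=900")
    return forged, crc_tag(forged)


def crc_check(msg: bytes, tag: int) -> bool:
    return crc_tag(msg) == tag


def mic_check(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mic_tag(key, msg), tag)


if __name__ == "__main__":
    table = build_lookup_table(["password", "letmein", "123456", "Summer2024"])
    print(crack_unsalted(digest("letmein"), table))          # letmein
    salt, dk = salted_hash("letmein")
    print(crack_unsalted(dk.hex(), table))                    # None
    msg = b"transfer:amount=100:to=alice"
    forged, forged_tag = tamper_with_crc(msg)
    print(crc_check(forged, forged_tag))                      # True: CRC fooled
    key = b"shared-secret"
    print(mic_check(key, forged, mic_tag(key, msg)))          # False: MIC catches it
```

Two details matter in practice: the comparison uses hmac.compare_digest so that a verifier does not leak how many leading bytes matched, and the CRC result is not a bug in CRC-32 but the absence of a secret; any unkeyed check value, including a plain SHA-256 sent alongside the data, fails the same way.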
1. The strongest technology that would assure Alice that Bob is the sender of a message is a(n) ______.
B. digital certificate
2. A digital certificate associates ________.
A. the user’s identity with their public key
3. An entity that issues digital certificates for others is a(n) ________.
A. Certificate Authority (CA)
4. A list of approved digital certificates is called a(n) ________.
B. Certificate Repository (CR)
5. Digital certificates can be used for each of the following except ________.
C. Verify the authenticity of the Registration Authorizer
6. In order to ensure a secure cryptographic connection between a Web browser and a Web server a _____ digital certificate would be used.
D. server digital certificate
7. A digital certificate that turns the address bar green is a(n) ________.
A. Extended Validation SSL Certificate
8. Digital certificates that are split into two parts are known as _____ certificates.
C. dual-sided
9. Which of the following is NOT a field of an X.509 certificate?
D. CA expiration code
10. Public key infrastructure (PKI) ________.
C. is the management of digital certificates
11. Public-Key Cryptography Standards (PKCS) ________.
B. are widely accepted in the industry
12. The ______ trust model supports CA.
C. third party
13. Hierarchical trust models are best suited for ________.
B. single organizations
14. A(n) _____ is a published set of rules that govern the operation of a PKI.
15. Each of the following is a part of the certificate life cycle except ________.
C. Authorization
16. Keys can be stored in each of the following except ________.
D. in hashes
17. _____ refers to a situation in which keys are managed by a third-party, such as a trusted CA.
A. Key escrow
18. A cryptographic transport protocol for FTP is ________.
D. Secure Sockets Layer (SSL)
19. What is the cryptographic transport protocol that is used most often to secure Web transactions?
A. HTTPS
20. Which is the most secure VPN cryptographic transport protocol?
1. Each of the following is required for a fire to occur except ______.
C. a spark to start the process
2. An electrical fire like that which would be found in a computer data center is known as what type of fire?
C. Class C
3. Each of the following is a category of fire suppression systems except a ______.
A. wet chemical system
4. Van Eck phreaking is _______.
A. picking up electromagnetic fields generated by a computer system
5. Plenums are ______.
A. the air-handling space above drop ceilings
6. A standby server that exists only to take over for another server in the event of its failure is known as a(n) _______.
D. asymmetric server cluster
7. “RAID” is an abbreviation of ________.
B. Redundant Array of Independent Drives
8. RAID _____ uses disk mirroring and is considered fault-tolerant.
B. Level 1
9. An example of a nested RAID is
A. Level 0+1
10. A(n) _____ is always running off its battery while the main power runs the battery charger.
A. on-line UPS
11. A UPS can perform each of the following except _______.
D. prevent certain applications from launching that will consume too much power
12. A(n) _____ is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running.
13. Which of the following is NOT a characteristic of a disaster recovery plan (DRP)?
A. It is a private document only used by top-level administrators for planning.
14. Each of the following is a basic question to be asked regarding creating a data backup except _____.
C. how long will it take to finish the backup?
15. Any time the contents of a file are changed, the archive bit is set to _____, meaning that the modified file now needs to be backed up.
B. 1
16. An incremental backup ______.
C. copies all files changed since last full or incremental backup
17. In a grandfather-father-son backup system the weekly backup is called the _____.
B. father
18. _____ is the maximum length of time that an organization can tolerate between data backups.
A. Recovery point objective (RPO)
19. A data backup solution that uses the magnetic disk as a temporary storage area is _____ .
D. disk to disk to tape (D2D2T)
20. When an unauthorized event occurs, the first duty of the computer forensics response should be to _____.
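The following is an added example for review questions 15 through 18 above (the archive bit, incremental backups, rotation and the recovery point objective); it is not from the original page. It simulates how full, incremental and differential backups read and reset the archive bit, derives the set of backups a restore must replay for each strategy, and checks a schedule of backup times against an RPO. File names, the modification sequence and the backup timestamps are constructed.

```python
"""Archive-bit behaviour of full, incremental and differential backups, the
restore chain each implies, and a backup-interval check against an RPO.

Added example, not from the original page. Files and timestamps are constructed.
"""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive: bool = True   # set on creation and on every modification


def modify(files, name):
    for f in files:
        if f.name == name:
            f.archive = True


def backup(files, kind):
    """Copy files according to `kind` and return the names copied.

    full:         copies everything and clears the archive bit.
    incremental:  copies files with the bit set, then clears it, so the next
                  incremental sees only what changed since this one.
    differential: copies files with the bit set but leaves it set, so each
                  differential holds everything changed since the last full.
    """
    if kind == "full":
        copied = [f.name for f in files]
    elif kind in ("incremental", "differential"):
        copied = [f.name for f in files if f.archive]
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    if kind != "differential":
        for f in files:
            f.archive = False
    return copied


def restore_chain(history):
    """Indexes of the backup sets needed, in order, to reach the latest state:
    the last full, every incremental after it, and only the last differential
    after it. history is a list of (kind, copied_names)."""
    last_full = max(i for i, (kind, _) in enumerate(history) if kind == "full")
    later = range(last_full + 1, len(history))
    chain = [last_full] + [i for i in later if history[i][0] == "incremental"]
    diffs = [i for i in later if history[i][0] == "differential"]
    if diffs:
        chain.append(diffs[-1])
    return chain


def simulate(kind):
    """A full backup, then two changes each followed by a backup of `kind`."""
    files = [File("a.doc"), File("b.xls"), File("c.ppt")]
    history = [("full", backup(files, "full"))]
    for name in ("a.doc", "b.xls"):
        modify(files, name)
        history.append((kind, backup(files, kind)))
    return history


def meets_rpo(backup_times_hours, rpo_hours):
    """True if no gap between consecutive backups exceeds the recovery point
    objective, i.e. the most data that could be lost stays within tolerance."""
    gaps = [b - a for a, b in zip(backup_times_hours, backup_times_hours[1:])]
    return max(gaps) <= rpo_hours


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        h = simulate(kind)
        print(kind, [copied for _, copied in h], "restore with sets", restore_chain(h))
    print(meets_rpo([0, 24, 48, 80], 24))   # False: a 32-hour gap breaks a 24-hour RPO
```

The trade-off the simulation makes visible is the one a backup policy has to choose: incrementals stay small but a restore needs every one of them in sequence and fails if any set is missing, while differentials grow day by day but a restore needs only the last full plus the newest differential.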
1. Which of the following is not an approach to trust?
A. Trust authorized individuals only.
2. Which of the following characterizes the attitude that system support personnel generally have toward security?
B. They are concerned about the ease of managing systems under tight security controls.
3. A(n) _____ is a collection of suggestions that should be implemented.
D. guideline
4. Which of the following is not a characteristic of a policy?
D. Policies communicate a unanimous agreement of judgment.
5. Each of the following is a step in the risk management study except _____.
B. threat appraisal
6. Each of the following is what a security policy must do except _____.
A. state reasons why the policy is necessary
7. Each of the following should serve on a security policy development team except ______.
C. representative from an antivirus vendor
8. _____ is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them.
D. Due care
9. Each of the following is a guideline for developing a security policy except ______.
D. require all users to approve the policy before it is implemented
10. A(n) _____ defines the actions users may perform while accessing systems and networking equipment.
D. acceptable use policy
11. A password management and complexity policy will encourage users to avoid weak passwords by recommending each of the following except _______.
C. do not use alphabetic characters
12. A Personally Identifiable Information (PII) policy ______.
13. When a file is deleted using Microsoft Windows, _______.
A. the information itself remains on the hard drive until it is overwritten by new files
14. Each of the following is usually contained in a service level agreement except ______.
C. requirements for PII
15. A classification of information policy is designed to produce a standardized framework for classifying _____.
D. information assets
16. _____ may be defined as the study of what people understand to be good and right behavior and how people make those judgments.
A. Ethics
17. For adult learners a(n) _____ approach (the art of helping an adult learn) is often preferred.
D. andragogical
18. Social engineering ______.
A. relies on tricking and deceiving someone to provide secure information
19. _____ is a technique that targets only specific users.
A. Spear phishing
20. Watching an individual enter a security code on a keypad without her permission is known as _______.