1000

Question 1

A network that does not have servers - so each device simultaneously functions as both a client and a server to all other devices connected to the network.

Answer 1

Peer-To-Peer (P2P) Network

Question 2

A policy that outlines how the organization uses personal information it collects.

Answer 2

Privacy Policy

Question 3

A written document that states how an organization plans to protect the company’s information technology assets.

Answer 3

Security Policy

Question 4

Grouping individuals and organization into cluster or groups based on a like affiliation.

Answer 4

Social Networking

Question 5

Web sites that facilitate linking individuals with common interests like hobbies - religion - politics - or school or work contacts.

Answer 5

Social Networking Sites

Question 6

A type of action that has the potential to cause harm.

Answer 6

Threat

Question 7

A person or element that has the power to carry out a threat.

Answer 7

Threat Agent

Question 8

A flaw or weakness that allows a threat agent to bypass security.

Answer 8

Vulnerability

Question 9

The likelihood that the threat agent will exploit the vulnerability.

Answer 9

Risk

Question 10

An event that - in the beginning - is considered to be risk yet turns out not to be.

Answer 10

False Positive

Question 11

List and describe the 3 strategies for controlling risks.

Answer 11

1- privilege management- is the process of assigning and revoking privileges to objects; it covers the procedures of managing object authorizations
2- change management- refers to a methodology for making modifications and keeping track of those changes
3- incident management- is defined as the “framework” and functions required to enable incident response and incident handling within an organization.

Question 12

A subject’s access level over an object - such as a user’s ability to pen a payroll file.

Answer 12

Privilege

Question 13

Periodic reviewing of a subject’s privileges over an object - in which the objective is to determine if the subject has the correct privileges.

Answer 13

Privilege Auditing

Question 14

What is a CMT and what is is duties?

Answer 14

Change Management Team
1- review proposed changes
2- ensure risk and impact of the planned changes are understood
3- recommend approval - disapproval - deferral - withdrawal of a requested change
4- communicate proposed and approved changes to coworkers

Question 15

The planning - coordination - communications - and planning functions that are needed in order to resolve an incident in an efficient manner.

Answer 15

Incident Handling

Question 16

The components required to identify - analyze - and contain an incident.

Answer 16

Incident Response

Question 17

What are the functions of an organization’s information security policy?

Answer 17

1- it can be an overall intention and direction. A security policy is a vehicle for communicating an organization’s information security culture and acceptable information security behavior.
2- it details specific risks and how to address them - and provide controls that executives can use to direct employee behavior.
3- it can help to create a security-aware organization culture
4- it can help to ensure that employee behavior is directed and monitored to ensure compliance with security requirements.

Question 18

What must an effective security policy balance?

Answer 18

Trust and Control

Question 19

What are the 3 approaches to trust?

Answer 19

1- Trust everyone all of the time- easiest model to enforce because there are not restrictions; impractical because it leaves system vulnerable to attacks
2- Trust no one at any time- most restrictive model; impractical because few employees would work for an organization that did not trust them
3- Trust some people some of the time- this approach exercises caution in the amount of trust given; access is provided as needed with technical controls to ensure the trust is not violated.

Question 20

A collection of requirements specific to the system or procedure that must be met by everyone.

Answer 20

Standard

Question 21

A collection of suggestions that should be implemented.

Answer 21

Guideline

Question 22

A document that outlines specific requirements or rules that must be met.

Answer 22

Policy

Question 23

What is the three-phase cycle in the development and maintenance of a security policy?

Answer 23

1- vulnerability assessment
2- create the security policy using information from risk management study
3- compliance monitoring and evaluation

Question 24

What does a vulnerability assessment attempt to identify?

Answer 24

1- asset identification (what needs to be protected)
2- threat identification (what the pressures are against it)
3- vulnerability appraisal (how susceptible the current protection is)
4- risk assessment (what damages could result from the threats)
5- risk mitigation (what to do about it)

Question 25

What MUST a security policy do?

Answer 25

1- be implementable and enforceable
2- be concise and easy to understand
3- balance protection with productivity

Question 26

What SHOULD a security policy do?

Answer 26

1- state reasons the policy is necessary
2- describe what is covered by the policy
3- outline how violations will be handled

Question 27

Ideally - who should comprise the team who designs a security policy?

Answer 27

1- Senior level administrator
2- member of management who can enforce the policy
3- member of the legal staff
4- representative from the user community

Question 28

What is due care?

Answer 28

is the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them. It is the care that a reasonable person would exercise under circumstances.

Question 29

Defines requirements for using cryptography.

Answer 29

Acceptable encryption policy

Question 30

Established guidelines for effectively reducing the threat of computer viruses on the organization’s network and computers.

Answer 30

Anti-virus policy

Question 31

Outlines the requirements and provides the authority for an information security team to conduct audits and risk assessments - investigate incidents - to ensure conformance to security policies - or to monitor user activity.

Answer 31

Audit vulnerability scanning policy

Question 32

Prescribes that no e-mail will be automatically forwarded to an external destination without prior approval from the appropriate manager or director.

Answer 32

Automatically forwarded e-mail policy

Question 33

Defines requirements for storing and retrieving database usernames and passwords.

Answer 33

Database credentials coding policy

Question 34

Defines standards for all networks and equipment located in the DMZ.

Answer 34

Demilitarized zone security policy

Question 35

Creates standards for using corporate e-mail.

Answer 35

E-mail policy

Question 36

Helps employees determine what information sent or received by e-mail should be retained and for how long.

Answer 36

E-mail retention policy

Question 37

Defines the requirements for third-party organizations to access the organization’s networks.

Answer 37

Extranet policy

Question 38

Establishes criteria for classifying and securing the organization’s information in a manner appropriate to its level of security.

Answer 38

Information sensitivity policy

Question 39

Outlines standards for minimal security configuration for routers and switches.

Answer 39

Router security policy

Question 40

Creates standards for minimal security configuration for servers.

Answer 40

Server security policy

Question 41

Established requirements for Remote Access IPSec Virtual Private Network (VPN) connections to the organization’s network.

Answer 41

VPN security policy

Question 42

Defines standards for wireless systems used to connect to the organization’s networks.

Answer 42

Wireless communication policy

Question 43

What policy is considered to be the most important information security policy?

Answer 43

Acceptable Use Policy (AUP)

Question 44

Which policy is also called a PII (personally identifiable information) policy?

Answer 44

Privacy Policy

Question 45

A policy that addresses security as it relates to human resources.

Answer 45

Security-Related Human Resource Policy

Question 46

A statement used in a security policy that states any investigation into suspicious employee conduct will examine all material facts.

Answer 46

Due diligence

Question 47

A policy that addresses how passwords are created and managed.

Answer 47

Password Management and Complexity Policy

Question 48

A policy that addresses the disposal of resources that are considered confidential.

Answer 48

Disposal and Destruction Policy

Question 49

A person’s fundamental beliefs and principles used ot define what is good - right - and just.

Answer 49

Values

Question 50

List the 3 classification of values.

Answer 50

1- moral (fairness - truth - justice - love)
2- pragmatic (efficiency - thrift - health - patience)
3- aesthetic (attractive - soft - cold)

Question 51

Values that are attributed to a system of beliefs that help the individual distinguish right from wrong.

Answer 51

Morals

Question 52

The study of what a group of people understand to be good and right behavior and how people make those judgements.

Answer 52

Ethics

Question 53

A written code of conduct intended to be a central guide and reference for employees in support of day-to-day decision making.

Answer 53

Ethics Policy

Question 54

Name 3 awareness and training topics.

Answer 54

1- compliance
2- secure user practices
3- awareness of threats

Question 55

Active Internet connections that download a specific file that is available through a tracker.

Answer 55

BitTorrent

Question 56

The collective pieces of a file downloaded from a BitTorrent.

Answer 56

Swarm

Question 57

Which learning style do information technology professionals tend to fall in?

Answer 57

Kinesthetic

Question 58

A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES.

Answer 58

Advanced Encryption Standard (AES)

Question 59

Procedures based on a mathematical formula; used to encrypt data.

Answer 59

Algorithm

Question 60

Encryption that uses two mathematically related keys.

Answer 60

Asymmetric Cryptographic Algorithm

Question 61

A cipher that manipulates an entire block of plaintext at one time.

Answer 61

Block Cipher

Question 62

A block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits.

Answer 62

Blowfish

Question 63

Data that has been encrypted.

Answer 63

Ciphertext

Question 64

Unencrypted data.

Answer 64

Cleartext

Question 65

The science of transforming information into a secure form while it is being transmitted or stored so that unauthorized persons cannot access it.

Answer 65

Cryptography

Question 66

A symmetric block cipher that uses 56-bit key and encrypts data in 64-bit blocks.

Answer 66

Data Encryption Standard (DES)

Question 67

The process of changing ciphertext into plaintext.

Answer 67

Decryption

Question 68

An electronic verification of the sender.

Answer 68

Digital Signature

Question 69

An algorithm that uses elliptic curves instead of prime numbers to compute keys.

Answer 69

Elliptic Curve Cryptography (ECC)

Question 70

The process of changing plaintext to ciphertext.

Answer 70

Encryption

Question 71

Free and open-source software that is commonly used to encrypt and decrypt e-mail messages.

Answer 71

GNU Privacy Guard (GPG)

Question 72

A secure cryptographic processor.

Answer 72

Hardware Security Module (HSM)

Question 73

The unique digital fingerprint created by a hashing algorithm.

Answer 73

Hash

Question 74

A variation of a hash that encrypts the hash with a shared secret key before transmitting it.

Answer 74

Hashed Message Authentication Code (HMAC)

Question 75

The process for creating a unique digital fingerprint signature for a set of data.

Answer 75

Hashing

Question 76

A mathematical value entered into the algorithm to produce ciphertext.

Answer 76

Key

Question 77

A common hash algorithm of several different versions.

Answer 77

Message Digest (MD)

Question 78

A revision of MD4 that is designed to address it weaknesses.

Answer 78

Message Digest 5 (MD5)

Question 79

The process of proving that a user performed an action.

Answer 79

Nonrepudiation

Question 80

A password hash for Microsoft Windows systems that is no longer recommended for use.

Answer 80

NTLM (New Technology LAN Manager) Hash

Question 81

An updated version of NTLM that uses HMAC with MD5.

Answer 81

NTLMv2 (New Technology LAN Manager Version 2) Hash

Question 82

Using a unique truly random key to create ciphertext.

Answer 82

One-Time Pad (OTP)

Question 83

Data input into an encryption algorithm.

Answer 83

Plaintext

Question 84

A commercial product that is commonly used to encrypt e-mail messages.

Answer 84

Pretty Good Privacy (PGP)

Question 85

An asymmetric encryption key that does have to be protected.

Answer 85

Private Key

Question 86

Cryptographic algorithms that use a single key to encrypt and decrypt a message.

Answer 86

Private Key Cryptography

Question 87

An asymmetric encryption key that does not have to be protected.

Answer 87

Public Key

Question 88

Encryption that uses two mathematically related keys.

Answer 88

Public Key Cryptography

Question 89

An asymmetric cryptography that attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys.

Answer 89

Quantum Cryptography

Question 90

A hash algorithm that uses two different and independent parallel chains of computation and then combines the result at the end of the process.

Answer 90

RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

Question 91

An RC stream cipher that will accept keys up to 128 bits in length.

Answer 91

RC4

Question 92

A family of cipher algorithms designed by Ron Rivest.

Answer 92

Rivest Cipher (RC)

Question 93

An asymmetric algorithm published in 1977 and patented by MIT in 1983.

Answer 93

RSA

Question 94

A secure hash algorithm that creates hash values of longer lengths than Message Digest (MD) algorithms.

Answer 94

Secure Hash Algorithm (SHA)

Question 95

Hiding the existence of data within a text - audio - image - or video file.

Answer 95

Steganography

Question 96

An algorithm that takes one character and replaces it with one character.

Answer 96

Stream Cipher

Question 97

Encryption that uses a single key to encrypt and decrypt a message.

Answer 97

Symmetric Cryptographic Algorithm