Chapter 1

Question 1

Today, people working in cyberspace must deal with new and constantly evolving ________.

Answer 1

threats

Question 2

Connecting your computers or devices to the ________ immediately exposes them to attack.

Answer 2

Internet

Question 3

The world needs people who understand computer-systems ________ and who can protect computers and networks from criminals and terrorists.

Answer 3

security

Question 4

___________ is the duty of every government that wants to ensure its national security.

Answer 4

Cybersecurity

Question 5

A ___________ gives priorities to the functions an organization needs to keep going.

Answer 5

business continuity plan (BCP)

Question 6

SIP is a ___________ protocol used to support real-time communications.

Answer 6

signaling

Question 7

A ___________ defines how a business gets back on its feet after a major disaster like a fire or hurricane.

Answer 7

disaster recovery plan (DRP)

Question 8

Software vendors must protect themselves from the liabilities of their own vulnerabilities with a(n) ____________.

Answer 8

End-User License Agreement (EULA)

Question 9

____________ is the practice of hiding data and keeping it away from unauthorized users.

Answer 9

Cryptography

Question 10

___________ is the process of transforming data from cleartext into ciphertext.

Answer 10

Encryption

Question 11

____________ is the amount of time it takes to recover and make a system, application, and data available for use after an outage.

Answer 11

Recovery time objective (RTO)

Question 12

The director of IT security is generally in charge of ensuring that the ____________ conforms to policy.

Answer 12

Workstation Domain

Question 13

A ________ examines the network layer address and routes packets based on routing protocol path determination decisions.

Answer 13

Layer 3 switch

Question 14

The ____________ represents the fourth layer of defense for a typical IT infrastructure.

Answer 14

LAN-to-WAN Domain

Question 15

A ________ is a collection of computers connected to one another or to a common connection medium.

Answer 15

local area network (LAN)

Question 16

The physical part of the LAN Domain includes a __________, which is an interface between the computer and the LAN physical media.

Answer 16

network interface card (NIC)

Question 17

With wireless LANs (WLANs), radio transceivers are used to transmit IP packets from a WLAN NIC to a _____________.

Answer 17

wireless access point (WAP)

Question 18

This security appliance examines IP data streams for common attack and malicious intent patterns.

Answer 18

intrusion detection system (IDS)

Question 19

The ________ is where the fourth layer of defense is required.

Answer 19

LAN-to-WAN Domain

Question 20

The tunnel can be created between a remote workstation using the public Internet and a VPN router or a secure browser and ________ Web site.

Answer 20

Secure Sockets Layer virtual private network (SSL-VPN)

Question 21

The _________ Domain connects remote users to the organization_s IT infrastructure.

Answer 21

Remote Access

Question 22

What fills security gaps and software weaknesses?

Answer 22

Testing and quality assurance

Question 23

The goal and objective of a __________ is to provide a consistent definition for how an organization should handle and secure different types of data.

Answer 23

data classification standard

Question 24

Which of the following is the definition of ciphertext?

Answer 24

The opposite of cleartext. Data sent as ciphertext is not visible and not decipherable.

Question 25

The requirement to keep information private or secret is the definition of __________.

Answer 25

confidentiality

Question 26

The act of transforming cleartext data into undecipherable ciphertext is the definition of __________.

Answer 26

encryption

Question 27

What name is given to an exterior network that acts as a buffer zone between the public Internet and an organization's IT infrastructure (i.e., LAN-to-WAN Domain)?

Answer 27

demilitarized zone (DMZ)

Question 28

What term is used to describe the amount of time that an IT system, application, or data is not available to users?

Answer 28

downtime

Question 29

Which of the following describes the Family Educational Rights and Privacy Act (FERPA)?

Answer 29

A U.S. federal law that protects the private data of students, including their transcripts and grades, with which K-12 and higher-education institutions must comply.

Question 30

What name is given to a U.S. federal law that requires U.S. government agencies to protect citizens_ private data and have proper security controls in place?

Answer 30

Federal Information Security Management Act (FISMA)

Question 31

(T/F) Today_s LAN standard is the Institute of Electrical and Electronics Engineers (IEEE) 802.

Answer 31

TRUE

Question 32

(T/F) Hypertext Transfer Protocol (HTTP) is the communications protocol between Web browsers and Web sites with data in cleartext.

Answer 32

TRUE

Question 33

(T/F) The network security group is responsible for the Internet-to-WAN Domain.

Answer 33

FALSE

Question 34

(T/F) Typically, the director of IT security ensures that the company meets WAN Domain security policies, standards, procedures, and guidelines.

Answer 34

TRUE

Question 35

(T/F) Multiprotocol Label Switching (MPLS) is a WAN software feature that allows customers to maximize performance.

Answer 35

TRUE

Question 36

(T/F) The weakest link in the security of an IT infrastructure is the server.

Answer 36

FALSE

Question 37

(T/F) The International Information Systems Security Certification Consortium (ISC)2, has two certifications: Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP). CISSP candidates must pass a difficult and comprehensive exam and have at least 5 years of professional information security experience.

Answer 37

TRUE

Question 38

(T/F) Many organizations, after conducting a security assessment of their IT setup, never end up aligning policy definitions to gaps and exposures.

Answer 38

FALSE

Question 39

(T/F) Organizations should start defining their IT security policy framework by defining an asset classification policy.

Answer 39

TRUE