IS3230 CHAPTER 5

Question 1

A confirmed event that compromises the confidentiality, integrity, or availability of information is called ___.

Answer 1

BREACH

Question 2

Requires a business operating in California to notify customers when it has reason to believe that personal information has been disclosed through unauthorized access is called ___.

Answer 2

CALIFORNIA IDENTITY THEFT STATUTE

Question 3

A federal criminal statute designed to protect electronic data from theft is called ___.

Answer 3

COMPUTER FRAUD AND ABUSE ACT (CFAA)

Question 4

A method of scrambling data for security purposes. Published in 1974, it has since been broken and is no longer considered highly secured is called ___.

Answer 4

DATA ENCRYPTION STANDARD (DES) ENCRYPTION

Question 5

A US copyright law that enacts criminal penalties for breaking or distributing technology designed to break digital rights management technologies is called ___.

Answer 5

DIGITAL MILLENNIUM COPYRIGHT ACT (DMCA)

Question 6

Random data that is used as the basis for an encryption algorithm. The randomness of this data provides an additional layer of security to the encryption is called ___.

Answer 6

HASH SALT

Question 7

The method used to store passwords up to 15 characters in Windows operating systems prior to Window Vista is called ___.

Answer 7

LAN MANAGER (LM) HASH

Question 8

A challenge-response authentication protocol used by NT servers when using the Server Message Block (SMB) protocol is called ___.

Answer 8

NTLM HASH

Question 9

A comprehensive process for determining the privacy, confidentiality, and security risks associated with the collection, use, and disclosure of personal information. It also describes the measures used to mitigate, and if possible, eliminate identified risks is called ___.

Answer 9

PRIVACY IMPACT ASSESSMENT (PIA)

Question 10

An ID badge with an embedded radio frequency identification chip. This chip can store information about the badge holder, such as authentication information and security access levels is called ___.

Answer 10

RADIO FREQUENCY IDENTIFICATION (RFID) BADGES

Question 11

An encrypted password database used in Unix and Linus operating systems is called ___.

Answer 11

SHADOW PASSWORD

Question 12

A group of 188 nations that have signed treaties to protect intellectual property across national borders is called ___.

Answer 12

WORLD INTELLECTUAL PROPERTY ORGANIZATION (WIPO)

Question 13

1. Information security falls strictly under the jurisdiction of federal law–state law does not restrict information security practices.
   TRUE OR FALSE

Answer 13

FALSE

Question 14

2. The two primary federal law that are concerned with information security are the Digital Millennium copyright Act and the ____.

Answer 14

Computer Fraud and Abuse Act

Question 15

3. Which federal law discussed in the chapter allows civil actions to be brought against individuals who sell passwords?
4. CFAA
5. DMCA
6. DCMA
7. CFFA

Answer 15

CFAA

Question 16

4. Which federal law provides penalties for circumventing digital rights management?
5. CFAA
6. DMCA
7. DCMA
8. CFFA

Answer 16

DMCA

Question 17

5. Which law discussed in the chapter is concerned with preventing identity theft?
6. California Identity Theft Statute
7. Federal Identity Theft Statute
8. Idaho Identity Theft Statute
9. Colorado Identity Theft Statute

Answer 17

California Identity Theft Statute

Question 18

6. Which of the following are effective physical security policies?
7. All physical security must comply with all applicable regulations such as building and fire codes.
8. Access to secure computing facilities will be grand only to individuals with a legitimate business need for access
9. All secure computing facilities that allow visitors must have an access log
10. Visitors must be escorted at all times
11. All the above

Answer 18

ALL THE ANSWERS

1. All physical security must comply with all applicable regulations such as building and fire codes.
2. Access to secure computing facilities will be grand only to individuals with a legitimate business need for access
3. All secure computing facilities that allow visitors must have an access log
4. Visitors must be escorted at all times

Question 19

7. What are the two primary causes of access control failure discussed in the chapter? (More than one may apply)
8. People
9. Planning
10. Technology
11. Implementation
12. Follow-up analysis

Answer 19

People.

Technology

Question 20

8. Which of the following are types of security breaches? (Choose all that apply)
9. System exploits
10. DoS attacks
11. PII
12. Eavesdropping
13. Social engineering

Answer 20

System exploits
DoS attacks

Eavesdropping
Social engineering

Question 21

9. Anything from an organization’s operating system to its choice of Web browser or instant messaging client could be an access point for unauthorized access to the systems.
   TRUE OR FALSE

Answer 21

TRUE

Question 22

10. When should a privacy impact assessment be performed?
11. During the planning stages of a new system
12. After a new system is designed
13. After a new system is implemented
14. After a security breach

Answer 22

During the planning stages of a new system

Question 23

11. The two most common motives for a security breach are monetary gain and gain ____.

Answer 23

VANDALISM

Question 24

12. A security breach can result in criminal penalties as well as financial losses.
    TRUE OR FALSE

Answer 24

TRUE