IS4550 CHAPTER 9 Flashcards

1
Q

A leading technique, methodology, or technology that through experience has proved to be very reliable and tends to produce consistent and quality results is called ___.

A

BEST PRACTICE

2
Q

Temporary workers who can be assigned to any role are called ___.

A

CONTRACTORS

3
Q

Assets that are essential for the society and economy to function are called ___.

A

CRITICAL INFRASTRUCTURE

4
Q

In the context of information security, the process by which senior leaders are apprised of a risk through a chain of command, continuing one level of organizational structure at a time until the issue is addressed or has reached the highest level of the organization, is called ___.

A

ESCALATION

5
Q

Granting elevated rights temporarily to enable a person to resolve a problem quickly, providing emergency access to unprivileged users, is called ___.

A

FIRECALL-ID PROCESS

6
Q

To eliminate as many security risks as possible by reducing access rights to the minimum needed to perform any task, ensuring access is authenticated to unique individuals, removing all nonessential software, and taking other configuration steps that eliminate opportunities for unauthorized access is to ___.

A

HARDEN

7
Q

An employee, consultant, contractor, or vendor; the ___ may even be the IT technical people who designed the system, application, or security that is being hacked. The ___ knows the organization and the applications.

A

INSIDER

8
Q

An ___ is when two or more audit disciplines are combined to conduct a single audit.

A

INTEGRATED AUDIT

9
Q

Software that captures the keystrokes of a user is called ___.

A

KEYLOGGER SOFTWARE

10
Q

___ is a separate platform used to collect logs from platforms throughout the network.

A

LOG SERVER

11
Q

A technique in which a hacker outlines a story in which the employee is asked to reveal information that weakens security is called ___.

A

PRETEXTING

12
Q

A ___ is designed to heighten the awareness and accountability of those users with administrator rights.

A

PRIVILEGED-LEVEL ACCESS AGREEMENT (PAA)

13
Q

Individuals responsible for designing and implementing a security program within an organization are called ___.

A

SECURITY PERSONNEL

14
Q

Manipulating or tricking a person into weakening the security of an organization is called ___.

A

SOCIAL ENGINEERING

15
Q

A type of attack in which the hacker adds code to a Web or application input box to gain access to or alter data in the database is called ___.

A

STRUCTURED QUERY LANGUAGE (SQL) INJECTION

16
Q

Hardware and software that collect critical information to keep a facility operating are called ___.

A

SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) SYSTEM

17
Q

A complete record of what access was granted and the business reason behind it in order to resolve a problem is called ___.

A

TROUBLE TICKET

18
Q
Pretexting is when a hacker breaks into a firewall.

TRUE OR FALSE

A

FALSE

19
Q
What can key logger software capture?
  1. Usernames
  2. Passwords
  3. Websites visited
  4. All the above
A

Usernames
Passwords
Websites visited

20
Q
You can use a ___ process to grant temporary elevated rights.
A

Firecall-ID

21
Q
Security awareness is required by which of the following?
  1. Law
  2. Customers
  3. Shareholders
  4. All the above
A

Law

22
Q
A(n) ___ looks at risk and issues an independent opinion.
A

Auditor

23
Q
A privileged-level access agreement (PAA) prevents an administrator from abusing elevated rights.

TRUE OR FALSE
A

FALSE

24
Q
Which of the following does an acceptable use policy relate to?
  1. Server to server communication
  2. Users accessing the Internet
  3. Encryption when transmitting files
  4. 1 and 2
A

Users accessing the Internet

25
Q
A(n) ___ has inside information on how an organization operates.
A

Insider

26
Q
Social engineering occurs when a hacker posts her victories on a social Web site.

TRUE OR FALSE
A

FALSE

27
Q
Typically in large organizations all administrators have the same level of authority.

TRUE OR FALSE
A

FALSE

28
Q
A CISO must ___ risks if the business unit is not responsive.
A

Escalate