
Quiz results, 120 questions. Every question was scored 0 out of 0 points and marked Incorrect with Selected Answer: [None Given]; the question text and the correct answer are listed below.

Question 1. Effective management includes planning and ____.
Correct Answer: All of the above

Question 2. The Cisco security kernel contains three component technologies: the Interceptor/Packet Analyzer, the Security Verification Engine (SVEN), and Kernel Proxies.
Correct Answer: True

Question 3. In order to keep the Web server inside the internal network, direct all HTTP requests to the proxy server and configure the internal filtering router/firewall only to allow the proxy server to access the internal Web server.
Correct Answer: True

Question 4. The ____ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.
Correct Answer: TCP

Question 5. Likelihood risk is the risk to the information asset that remains even after the application of controls.
Correct Answer: False

Question 6. Many corporations use a ____ to help secure the confidentiality and integrity of information.
Correct Answer: data classification scheme

Question 7. You should adopt naming standards that do not convey information to potential system attackers.
Correct Answer: True

Question 8. Syntax errors in firewall policies are usually difficult to identify.
Correct Answer: False

Question 9. Leaving unattended computers on is one of the top information security mistakes made by individuals.
Correct Answer: True

Question 10. The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, the resources.
Correct Answer: False

Question 11. The physical design is the blueprint for the desired solution.
Correct Answer: False

Question 12. In 1995 the Directive 95/46/EC was adopted by the European Union.
Correct Answer: True

Question 13. Static filtering is common in network routers and gateways.
Correct Answer: True

Question 14. The possession of information is the quality or state of having value for some purpose or end.
Correct Answer: False

Question 15. Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a bottom-up approach.
Correct Answer: True

Question 16. A(n) contingency plan is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.
Correct Answer: True

Question 17. Internal benchmarking can provide the foundation for baselining.
Correct Answer: False

Question 18. Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ____.
Correct Answer: by accident

Question 19. The Computer ____ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
Correct Answer: Fraud

Question 20. In addition to recording intrusion attempts, a(n) router can be configured to use the contact information to notify the firewall administrator of the occurrence of an intrusion attempt.
Correct Answer: True

Question 21. Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
Correct Answer: All of the above

Question 22. In general, protection is the quality or state of being secure, to be free from danger.
Correct Answer: False

Question 23. Firewalls fall into ____ major processing-mode categories.
Correct Answer: five

Question 24. ____ attempts to prevent trade secrets from being illegally shared.
Correct Answer: Economic Espionage Act

Question 25. A champion is a project manager, who may be a departmental line manager or staff unit manager, and understands project management, personnel management, and information security technical requirements.
Correct Answer: False

Question 26. Program-specific policies address the specific implementations or applications of which users should be aware.
Correct Answer: False

Question 27. Technical controls are the tactical and technical implementations of security in the organization.
Correct Answer: True

Question 28. Acts of ____ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Correct Answer: trespass

Question 29. Much human error or failure can be prevented with training and ongoing awareness activities.
Correct Answer: True

Question 30. A computer is the ____ of an attack when it is used to conduct the attack.
Correct Answer: subject

Question 31. ____ policies address the particular use of certain systems.
Correct Answer: Systems-specific

Question 32. When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.
Correct Answer: standard of due care

Question 33. There are generally two skill levels among hackers: expert and ____.
Correct Answer: novice

Question 34. Criminal or unethical ____ goes to the state of mind of the individual performing the act.
Correct Answer: intent

Question 35. The United States has implemented a version of the DMCA law called the Database Right, in order to comply with Directive 95/46/EC.
Correct Answer: False

Question 36. The vision of an organization is a written statement of an organization's purpose.
Correct Answer: False

Question 37. The general management of an organization must structure the IT and information security functions to defend the organization's information assets.
Correct Answer: True

Question 38. ____ often function as standards or procedures to be used when configuring or maintaining systems.
Correct Answer: SysSPs

Question 39. SOHO assigns non-routing local addresses to the computer systems in the local area network and uses the single ISP-assigned address to communicate with the Internet.
Correct Answer: False

Question 40. A mail bomb is a form of DoS.
Correct Answer: True

Question 41. A content filter is essentially a set of scripts or programs that restricts user access to certain networking protocols and Internet locations.
Correct Answer: True

Question 42. The National Information Infrastructure Protection Act of 1996 modified which Act?
Correct Answer: Computer Fraud and Abuse Act

Question 43. All organizations with an Internet connection have some form of a router at the boundary between the organization's internal networks and the external service provider.
Correct Answer: False

Question 44. Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.
Correct Answer: False

Question 45. Circuit gateway firewalls prevent direct connections between one network and another.
Correct Answer: True

Question 46. The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Correct Answer: transfer control

Question 47. Know yourself means identifying, examining, and understanding the threats facing the organization.
Correct Answer: False

Question 48. The outside world is known as the trusted network (e.g., the Internet).
Correct Answer: False

Question 49. Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of configuration rules.
Correct Answer: True

Question 50. The Department of Homeland Security was created in 1999.
Correct Answer: False

Question 51. Kerberos ____ provides tickets to clients who request services.
Correct Answer: TGS

Question 52. The military uses a ____-level classification scheme.
Correct Answer: five

Question 53. The investigation phase of the SecSDLC begins with a directive from upper management.
Correct Answer: True

Question 54. A firewall is a mechanism that keeps certain kinds of network traffic out of a private network.
Correct Answer: True

Question 55. The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about national security.
Correct Answer: False

Question 56. You cannot use qualitative measures to rank values.
Correct Answer: False

Question 57. CBAs cannot be calculated after controls have been functioning for a time.
Correct Answer: False

Question 58. Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.
Correct Answer: True

Question 59. Some firewalls can filter packets by protocol name.
Correct Answer: True

Question 60. ____ are software programs that hide their true nature, and reveal their designed behavior only when activated.
Correct Answer: Trojan horses

Question 61. Information has redundancy when it is free from mistakes or errors and it has the value that the end user expects.
Correct Answer: False

Question 62. During the ____ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.
Correct Answer: physical design

Question 63. ____ is any technology that aids in gathering information about a person or organization without their knowledge.
Correct Answer: Spyware

Question 64. Which of the following phases is the longest and most expensive phase of the systems development life cycle?
Correct Answer: maintenance and change

Question 65. The Federal Agency Security Practices (FASP) site is a popular place to look up best practices.
Correct Answer: True

Question 66. When a dual-homed host approach is used, the bastion host contains four NICs.
Correct Answer: False

Question 67. Mutually exclusive means that all information assets must fit in the list somewhere.
Correct Answer: False

Question 68. The value of information comes from the characteristics it possesses.
Correct Answer: True

Question 69. HIPAA specifies particular security technologies for each of the security requirements to ensure the privacy of the health-care information.
Correct Answer: False

Question 70. When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.
Correct Answer: True

Question 71. A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.
Correct Answer: False

Question 72. There are limits to the level of configurability and protection that software firewalls can provide.
Correct Answer: True

Question 73. If every vulnerability identified in the organization is handled through mitigation, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.
Correct Answer: False

Question 74. Risk evaluation is the process of identifying, assessing, and evaluating the levels of risk facing the organization, specifically the threats to the organization's security and to the information stored and processed by the organization.
Correct Answer: False

Question 75. A(n) honeynet is usually a computing device or a specially configured computer that allows or prevents access to a defined area based on a set of rules.
Correct Answer: False

Question 76. When Web services are offered outside the firewall, SMTP traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture.
Correct Answer: False

Question 77. Policies are documents that specify an organization's approach to security.
Correct Answer: True

Question 78. The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.
Correct Answer: IR

Question 79. The Security Area Working Group endorses ISO/IEC 17799.
Correct Answer: False

Question 80. A Web server is often exposed to higher levels of risk when placed in the DMZ than when it is placed in the untrusted network.
Correct Answer: False

Question 81. Every state has implemented uniform laws and regulations placed on organizational use of computer technology.
Correct Answer: False

Question 82. A(n) ____ attack is a hacker using a personal computer to break into a system.
Correct Answer: direct

Question 83. ____ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
Correct Answer: Static

Question 84. The firewall can often be deployed as a separate network containing a number of supporting devices.
Correct Answer: True

Question 85. ____ was the first operating system to integrate security as its core functions.
Correct Answer: MULTICS

Question 86. In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Correct Answer: confidential

Question 87. A benefit of a(n) dual-homed host is its ability to translate between many different protocols at their respective data link layers, including Ethernet, token ring, Fiber Distributed Data Interface, and asynchronous transfer mode.
Correct Answer: True

Question 88. The ability to restrict a specific service is now considered standard in most routers and is invisible to the user.
Correct Answer: True

Question 89. Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.
Correct Answer: False

Question 90. RAID ____ drives can be hot swapped.
Correct Answer: 5

Question 91. ____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
Correct Answer: Risk

Question 92. Best practices in firewall rule set configuration state that the firewall device is never accessible directly from the public network.
Correct Answer: True

Question 93. There are four general causes of unethical and illegal behavior.
Correct Answer: False

Question 94. In information security, benchmarking is the comparison of security activities and events against the organization's future performance.
Correct Answer: False

Question 95. The amount of money spent to protect an asset is based in part on the value of the asset.
Correct Answer: True

Question 96. According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.
Correct Answer: to harass

Question 97. Which of the following functions does information security perform for an organization?
Correct Answer: All of the above.

Question 98. Firewalls can be categorized by processing mode, development era, or structure.
Correct Answer: True

Question 99. The ____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
Correct Answer: Security and Freedom through Encryption Act

Question 100. The Federal Bureau of Investigation's National InfraGard Program serves its members in four basic ways: Maintains an intrusion alert network using encrypted e-mail; Maintains a secure Web site for communication about suspicious activity or intrusions; Sponsors local chapter activities; Operates a help desk for questions.
Correct Answer: True

Question 101. A worm requires that another program is running before it can begin functioning.
Correct Answer: False

Question 102. Within best practices, the optimum standard is a subcategory of practices that are typically viewed as the best of the best.
Correct Answer: False

Question 103. ____ inspection firewalls keep track of each network connection between internal and external systems.
Correct Answer: Stateful

Question 104. A(n) cookie can allow an attacker to collect information on how to access password-protected sites.
Correct Answer: True

Question 105. Secure VPNs use security protocols and encrypt traffic transmitted across unsecured public networks like the Internet.
Correct Answer: True
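Several of the firewall items in this quiz (Question 3 on letting only the proxy reach the internal Web server, Question 83 on static filtering, Question 92 on never exposing the firewall device itself, and Question 103 on stateful inspection) describe behaviour that is easier to see in code. The following Python is an added example, not part of the quiz or of the textbook it is drawn from; the rule format, the packet fields and every address (taken from the RFC 5737 documentation ranges and RFC 1918) are assumptions made for illustration.

```python
"""Static packet filtering versus stateful inspection on constructed packets.

Added example, not quiz or textbook code. Rule layout, packet fields and
addresses are assumptions chosen for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arrives from the untrusted side, "out" = leaves the internal network
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# Hypothetical addresses (RFC 5737 documentation ranges and RFC 1918).
FIREWALL_IP = "203.0.113.1"    # the firewall's own public-facing address
PROXY = "192.0.2.10"           # proxy server that fronts the internal Web server
INTERNAL_WEB = "10.0.0.20"     # internal Web server, reachable only via the proxy
INTERNAL_PC = "10.0.0.5"       # an ordinary internal workstation

# Rule tuples: (direction, proto, src, sport, dst, dport, action). First match wins,
# "*" is a wildcard. The deny for the firewall itself sits first (Question 92), the
# proxy-only path to the internal Web server follows (Question 3), internal hosts may
# initiate outbound connections, and a default deny closes the list.
BASE_RULES = [
    ("in", "*", "*", "*", FIREWALL_IP, "*", "deny"),
    ("in", "tcp", "*", "*", PROXY, 80, "allow"),
    ("in", "tcp", PROXY, "*", INTERNAL_WEB, 80, "allow"),
    ("out", "*", "*", "*", "*", "*", "allow"),
]
DEFAULT_DENY = ("*", "*", "*", "*", "*", "*", "deny")

# A static filter has no memory, so to let Web replies back in it needs a standing
# rule keyed on the remote source port. That rule is the weakness shown below.
STATIC_RULES = BASE_RULES + [("in", "tcp", "*", 80, "*", "*", "allow"), DEFAULT_DENY]
STATEFUL_RULES = BASE_RULES + [DEFAULT_DENY]


def _match(value, pattern):
    return pattern == "*" or value == pattern


def static_filter(pkt, rules=STATIC_RULES):
    """Static packet filtering (Question 83): judge each packet on its own against
    the rules installed with the firewall."""
    for direction, proto, src, sport, dst, dport, action in rules:
        if (_match(pkt.direction, direction) and _match(pkt.proto, proto)
                and _match(pkt.src, src) and _match(pkt.sport, sport)
                and _match(pkt.dst, dst) and _match(pkt.dport, dport)):
            return action
    return "deny"


class StatefulFirewall:
    """Stateful inspection (Question 103): remember each permitted outbound
    connection and admit inbound packets that belong to one, otherwise fall back
    to the static rules for new inbound connections."""

    def __init__(self, rules=STATEFUL_RULES):
        self.rules = rules
        self.connections = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt):
        if pkt.direction == "out":
            verdict = static_filter(pkt, self.rules)
            if verdict == "allow":
                self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"                     # reply to a tracked session
        return static_filter(pkt, self.rules)  # new inbound connection: rules decide


def run_scenarios():
    """Constructed traffic, processed in order; returns {name: (static, stateful)}."""
    fw = StatefulFirewall()
    scenarios = [
        ("client_to_proxy", Packet("in", "tcp", "198.51.100.7", 40001, PROXY, 80)),
        ("client_to_web_direct", Packet("in", "tcp", "198.51.100.7", 40002, INTERNAL_WEB, 80)),
        ("proxy_to_web", Packet("in", "tcp", PROXY, 50001, INTERNAL_WEB, 80)),
        ("ssh_to_firewall", Packet("in", "tcp", "198.51.100.7", 40003, FIREWALL_IP, 22)),
        ("pc_browses_out", Packet("out", "tcp", INTERNAL_PC, 51000, "198.51.100.7", 80)),
        ("web_reply_to_pc", Packet("in", "tcp", "198.51.100.7", 80, INTERNAL_PC, 51000)),
        ("attacker_sport_80", Packet("in", "tcp", "198.51.100.9", 80, INTERNAL_PC, 445)),
    ]
    return {name: (static_filter(pkt), fw.decide(pkt)) for name, pkt in scenarios}


if __name__ == "__main__":
    for name, (static, stateful) in run_scenarios().items():
        print(f"{name:22} static={static:5} stateful={stateful}")
```

The last scenario is the one that matters: the static filter needs the standing "inbound TCP from source port 80" rule so that Web replies reach internal hosts, and an attacker who simply sources a scan from port 80 rides through that rule to port 445 on the workstation. The stateful firewall admits the genuine reply because it recorded the outbound connection and drops the scan because no such connection exists, while both variants still enforce the proxy-only path to the internal Web server and refuse direct access to the firewall's own address.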

Question 106. Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.
Correct Answer: False

Question 107. Intellectual property is defined as the ownership of ideas and control over the tangible or virtual representation of those ideas.
Correct Answer: True

Question 108. ALE determines whether or not a particular control alternative is worth its cost.
Correct Answer: False

Question 109. Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator.
Correct Answer: True

Question 110. Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability.
Correct Answer: True

Question 111. In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factors.
Correct Answer: weighted factor analysis

Question 112. The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
Correct Answer: CISO

Question 113. The U.S. Secret Service is a department within the Department of the Interior.
Correct Answer: False

Question 114. Circuit gateway firewalls usually look at data traffic flowing between one network and another.
Correct Answer: False

Question 115. The gateway router can be used as the front-line defense against attacks, as it can be configured to allow only set types of protocols to enter.
Correct Answer: True

Question 116. A(n) project team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
Correct Answer: True

Question 117. In most common implementation models, the content filter has two components: ____.
Correct Answer: rating and filtering

Question 118. The DMZ cannot be a dedicated port on the firewall device linking a single bastion host.
Correct Answer: False

Question 119. The static packet filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.
Correct Answer: False

Question 120. A best practice proposed for a small home office setting is appropriate to help design control strategies for a multinational company.
Correct Answer: False
