Chapter 1: Introduction to Information Security
1. An indirect attack involves a hacker using a personal computer to break into a system.
ANS: F PTS: 1 REF: 3
2. The value of information comes from the characteristics it possesses.
ANS: T PTS: 1 REF: 6
3. By balancing information security and access, a completely secure information system can be created.
ANS: F PTS: 1 REF: 8
4. The security blueprint is a detailed version of the security framework.
ANS: T PTS: 1 REF: 25
5. One of the basic tenets of security architectures is the spheres of security.
ANS: F PTS: 1 REF: 30
1. Which term describes a subject or object’s ...
communication, information, and asset
ANS: B PTS: 1 REF: 7
8. The McCumber Cube provides a ____ description of the architectural approach widely used in computer and information security.
ANS: C PTS: 1 REF: 8
9. Which individual interferes with or disrupts systems to protest the operations, policies, or actions of an organization or government agency?
ANS: D PTS: 1 REF: 11
10. Which individual is considered to be a script kiddie who uses automated tools to inundate a Web site with a barrage of network traffic, usually resulting in a denial of service?
ANS: B PTS: 1 REF: 12
11. Which threat is the most common intellectual property (IP) breach?
a. Software piracy
c. Shoulder surfing
ANS: A PTS: 1 REF: 12
12. Which attack is used when a copy of the hash of the user’s password has been obtained?
a. Rainbow attack
b. Brute force attack
c. Dictionary attack
d. Spoofing
ANS: A PTS: 1 REF: 13
13. Which e-mail attack occurs when an attacker routes large quantities of e-mail to the target system?
b. Mail bomb
d. Timing attack
ANS: B PTS: 1 REF: 16
14. A(n) ____ is an application error that occurs when more data is sent to a buffer than it can handle.
a. timing attack
b. application control list
c. dictionary attack
d. buffer overflow
ANS: D PTS: 1 REF: 17
15. Which security project team role is filled by a senior executive who promotes the project and ensures that it is supported, both financially and administratively, at the highest levels of the organization?
a. Team leader
b. Champion
c. Chief information officer
d. Chief information security officer
ANS: B PTS: 1 REF: 19
16. Which security project team role is filled by individuals who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies?
a. Security policy developers
b. Risk assessment specialists
c. Security professionals
d. Team leader
ANS: A PTS: 1 REF: 19
17. When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable.
a. Comprehension (understanding)
b. Compliance (agreement)
c. Review (reading)
d. Dissemination (distribution)
ANS: C PTS: 1 REF: 20
18. A(n) ____ is a written statement of the organization’s purpose.
ANS: D PTS: 1 REF: 21
19. An enterprise information security policy (EISP) is also known as a(n) ____.
a. issue-specific security policy
b. general security policy
c. systems-specific security policy
d. strategic planning policy
ANS: B PTS: 1 REF: 21