Strayer SEC402 WK 5 Midterm Exam

SEC 402 WK 5 Midterm Exam

TRUE/FALSE

1. A SYN flood is characterized by the brute force transmission of requests for access to the target network, with the aim of overwhelming its capacity to receive them.

2. Computerized information is so tightly bound within the fabric of our society that its trustworthiness and availability has to be assured in order for our basic social functions to operate properly.

3. There is general agreement about what legitimately constitutes the right set of actions to deter hostile activity in cyberspace.

4. There been a standard definition of what constitutes due care in the information protection realm since the beginning of the discipline.

5. FISMA is a piece of legislation; therefore, as is the usual case with legislation, the actual means of implementing the federal law is left up to the National Institute of Standards and Technology (NIST).

MULTIPLE CHOICE

1. ____ bundles mutually supporting government initiatives into a single coordinated effort to ensure the security of cyberspace and includes the establishment of a coordinated national capability to identify and remediate computer vulnerabilities.
a. CHCI, 2008 c. CNCI, 2008
b. CCNI, 2008 d. CICN, 2008

2. Under the ____ rule, protection isn’t adequate if any part of it can be exploited.
a. complete protection c. complete coverage
b. complete inspection d. complete system

3. The normal way to make certain that a compromise does not happen is to put technical or ____ controls in place to ensure the security of all items that have to be protected.
a. psychological c. personal
b. behavioral d. barrier

4. In order to operate properly, technical and behavioral controls have to be coordinated from within a single consistent ____.
a. foundation c. resource
b. landscape d. framework

5. The problem with protecting information is that it is nothing more than a(n) ____ for something of value in the real world.
a. parasite c. substitute
b. proxy d. analog

6. The first step in any cybersecurity process is to ____.
a. get it properly organized c. make the controls as strong as possible
b. get as much information as possible d. move as fast as possible

7. It is essential that the people responsible for assuring information follow a disciplined and well-defined ____.
a. evacuation c. hierarchy
b. pattern d. process

8. In order for a defense to be effective, all of the requisite ____ have to be in place and properly coordinated.
a. assets c. countermeasures
b. intrusions d. backup controls

9. The ____ of a piece of information might be derived from the importance of the idea, or the criticality of the decision, or it can represent simple things like your bank account number.
a. value c. effectiveness
b. cost d. assessment

10. A(n) ____ that only reflects the focus and interests of a single field will almost certainly have exploitable holes in it.
a. offense c. control
b. defense d. mitigation

11. IT departments install technical countermeasures, but ____ have the responsibility to deploy accompanying physical security controls.
a. often c. rarely
b. routinely d. frequently

12. In most organizations, physical and electronic security involve ____ entirely separate and independent areas.
a. two c. four
b. three d. five

13. A reasonably accurate ____ of the important information that the organization considers valuable and where it is kept is important.
a. inventory c. hierarchy
b. survey d. map

14. Any workable solution has to be ____.
a. elegant c. detailed
b. practical d. complex

15. A security infrastructure should reflect the ____ needs of the business as well as its business requirements.
a. technical c. maturation
b. monetary d. assurance

16. The role of ____ is to ensure that information resources that are needed to underwrite a particular business strategy are kept confidential, correct, and available.
a. governance c. risk analysis
b. assurance d. cybersecurity

17. The aim of ____ is to maintain an optimum and secure relationship between each of the company’s business processes and their respective information security functions.
a. formal governance c. formal auditing
b. informal governance d. formal planning

18. Instead of being motivated by a desire to prove their art, hackers today are motivated by ____ and political ends.
a. financial loss c. financial gain
b. reputation d. notoriety

19. ____ is nothing more than the ability to demonstrate that all reasonable precautions were taken to prevent harm resulting from something that you are legally responsible for.
a. Due care c. Due cause
b. Due security d. Due justice

20. The EBK is a product of the Department of Homeland Security’s ____.