It223 Final

Identifying a person based on one or more approximately characteristics of his/her psychology and or behavior can be performed using a class of technology called known as? 

A process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities (users, programs, processes,or other systems) according to policy.  

On interstate 66 in Vienna VA, the posted speed limit is 55 but most of vehicles are traveling at approximately 65 mph. The posted speed in this case might be described as_______ standard?  

The intrusion detection system fails to detect a real detection.  The failure is best described as a/an? There are two acceptable answers, give either one.  

 In a multilevel security scheme, the ability of a subject to read objects based on the subjects clearance and objects classification is determined by a rule known as the?  

The application of computing and network resources to try every possible password combination, 

The primary difference between an attack and a more generic threat is that an attack requires?  

A computer virus is a program fragment that is inserted into the files of a host operating system, application program or other software. Computer virus is also known as malware or malicious software. 

A botnet is used to coordinate thousands of computers to send massive certain IP address, overwhelming the capacity of the network devices service.  This is an example of a/an?  

A certain type of malicious software is designed to record everything a user can collect that data and exploit it.  (Perhaps by entering the users user ID as a masquerade attack)  This software is commonly referred to as a/an? 

Security (IPsec) is one technology that allows communication over public network (the internet) but with a level of security somewhat equivalent to that of a secure network facilities.  A system constructed in this manner is known as a/an?  A full name not just the acronym.   

It is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity or availability of information. It is especially important and implemented when the information in question is financial for example Dual signature on cashiers check. 

Is a document which may be continually edited and updated by either a limited or unrestricted group for example article in Wikipedia. It may or may not have a framework for updates, changes or adjustments. 

An employee is terminated for cause (“fired”).  This is example  of a/an 

When implemented correctly an information security program provides maximum security and unlimited usability. 

• A.

  True

• B.

  False

 Integrity and accuracy are two names for the same information? 

• A.

  True

• B.

  False

An employee is charged with violating Federal Law.  He pleads not guilty on the grounds that he was acting on specific directions from his employee.  It is likely that he will be acquitted? (i.e. Found not guilty) 

• A.

  True

• B.

  False

In order to claim copyright over a creative work, the author must include clearly visible within or adjacent to the work.  (See the bottom of this page) 

• A.

  True

• B.

  False

.  A code of ethics is developed and enforced by a collection of people (association, society at) and applies to each member of that society. 

• A.

  True

• B.

  False

The purpose of a honey pot is to gather information……. so they can be prosecuted by appropriate 

• A.

  True

• B.

  False

If a file on a computer system is deleted by a user……. the data in the file is no longer accessible? 

• A.

  True

• B.

  False

How to study for certification exams 

• A.

  Self study guide

• B.

  Mentors and study partners

• C.

  Work experience, training media and formal training programs

• D.

  All

When IP security (IP Sec) is used in tunnel mode protection is applied to the entire original packet  

• A.

  True

• B.

  False

Defense in depth requires adaption of a ______program

• A.

  Analyze/design/implement

• B.

  Protect/detect/react

• C.

  Information Systems

Information Security involves securing  

• A.

  . Economical Advantage

• B.

  Information

• C.

  Information systems

Two generic techniques for providing confidentiality are: 

• A.

  Isolation

• B.

  Obfuscation

• C.

  Permutation

A modern example of stenography is select one 

Two functional operations used in cryptographic algorithms: select two 

• A.

  Subsitution

• B.

  Transpostion

• C.

  Adaptation

In order to provide confidentially of a message…. software will typically use an asymmetric algorithm to encrypt using : 

• A.

  A shared key

• B.

  The private key of the sender

• C.

  The public key of the sender

• D.

  The pubic key of the recipient

• E.

  The private key of the recipient

When authentication of origin and integrity and non-repudiation origin of a message is required, the sender can encrypt a hash of the message with  

A common practice used to authenticate the identite require entry of a password associated with user ID when creating a user account is for the system to store:Select one 

• A.

  The password as plaintext

• B.

  A has value of the password

• C.

  A signature of the password

• D.

  A certificate for the password

When an information system uses sassion key to authenticate the identity of a user, best practice 

• A.

  The user’s password as plaintext

• B.

  The user’s password as ciphertext

• C.

  A hash value of the user’s password

• D.

  A different value every time the device is used

A data set has retained its integrity if.. select any or all that apply 

• A.

  Nothing has been added to it

• B.

  Nothing has been deleted from it

• C.

  None of its content has been modified

• D.

  The data is in the original sequence

• E.

  The data correctly reflects the real world

Before accepting a message as authentic, the recipient needs to make sure that :.……(Select any or all that apply)  

• A.

  It really is from the apparent sender

• B.

  Its content correctly reflects the real world

• C.

  Its content is unaltered

• D.

  No additional copies of it will arrive later

• E.

  No one else has read it, other than the sender

One type of intrusion detection systems (IDS) is de ……………sequences that are known to be indicative of an attack…………….(after which this-type of IDS is named) are known… 

• A.

  Characteristics

• B.

  Fingerprints

• C.

  Profiles

• D.

  Signatures

• E.

  Vectors

An anomaly-based intrusion detection system is designed to detect deviations from typical behavior of system users.  A representation of each typical behavior is known as a/an___________.(select one) 

• A.

  Characteristics

• B.

  Fingerprint

• C.

  Profile

• D.

  Signature

• E.

  Vector

A computer system’s data is backed up by taking a full back every Sunday and an incremental backup every other night of the week.  If the system fails on a Thursday morning, which backup data sets would you restore (Select all the apply)  

• A.

  The previous Sunday’s full backup

• B.

  The previous Monday’s incremental backup

• C.

  The previous Tuesday’s incremental backup

• D.

  The previous Thursday’s incremental backup

• E.

  The previous Wednesday's incremental backup

A user’s identification can be authenticated based on select any or all that apply 

• A.

  Something the user has

• B.

  Something the user is

• C.

  Something the user knows

• D.

  Something the user wants

• E.

  Something the user needs

An attacker designs a virus and puts it out on the web, where it spreads and does damage. The attacker is able to use the virus for several days to conduct other attacks before antivirus software manufacturers release   patches/updates to counter the virus and its effects.  what can the attacker do to extend the life of his virus?  

A lady in Nashville owns a recording studio which is part of the similar studios in the area. Because of the recent flooding, the entire studio is underwater and repairs, which will take some time, wont happen until the waters gone. Assuming the lady has good continuity planning, what should she do? Describe hypothetically the steps she should take.