Deck 12: Information Security Management

A) passwords
B) backup and recovery
C) compliance
D) identification and authorization

A) unauthorized data disclosure
B) incorrect data modification
C) faulty service
D) denial of service

A) intrusion detection system
B) account administration system
C) business intelligence system
D) malware definition

A) create backup of cookies and temporary files
B) send no valuable data via email or IM
C) use a single valid password for all accounts
D) conduct transactions using http rather than https

A) drive-by sniffing
B) email spoofing
C) IP spoofing
D) system hacking

A) Usurpation
B) Encryption
C) Spoofing
D) Sniffing

A) hacking
B) sniffing
C) data mining
D) phishing

A) Spoofing
B) Hacking
C) Pretexting
D) Sniffing

A) hacking
B) data mining
C) pretexting
D) sniffing

A) Cookies
B) Viral hooks
C) Mashups
D) Keys

A) Drive-by sniffers
B) Key punchers
C) Hackers
D) Phishers

A) application design
B) dissemination of information
C) physical security
D) malware protection

A) All studies on costs of computer crimes are based on unobtrusive research.
B) There are several set standards for tallying computer crime costs and financial losses.
C) The financial losses faced by companies due to human error are enormous.
D) Damages caused by natural disasters are minimal when compared to the damages due to human errors.

A) Hadoop
B) safeguard
C) information silo
D) third-party cookie

A) usurpation
B) spoofing
C) hacking
D) sniffing

A) backup and recovery
B) firewalls
C) physical security
D) procedure design

A) hacker
B) phisher
C) drive-by sniffer
D) key puncher

A) spoofing
B) hacking
C) usurpation
D) DOS attack

A) Advanced Persistent Threat (APT)
B) Advanced Volatile Threat (AVT)
C) local area network denial (LAND)
D) denial of service (DOS)

A) technical safeguards
B) data safeguards
C) human safeguards
D) procedural safeguards

A) Usurpation
B) Authentication
C) Standardization
D) Encryption

A) payment card
B) biometric passport
C) smart card
D) flashcard

A) internal firewall
B) perimeter firewall
C) packet-filtering firewall
D) application firewall

A) key escrow
B) asymmetric encryption
C) symmetric encryption
D) biometric authentication

A) authenticates
B) identifies
C) conceals
D) encrypts

A) Malware
B) Metadata
C) Shareware
D) Firewall

A) authenticates
B) identifies
C) conceals
D) encrypts

A) File Transfer Protocol (FTP)
B) Simple Mail Transfer Protocol (SMTP)
C) Secure Shell (SSH)
D) Transport Layer Security (TLS)

A) Perimeter firewalls
B) Internal firewalls
C) Packet-filtering firewalls
D) Application firewalls

A) masquerade as useful programs
B) are specifically programmed to spread
C) are installed without a user's permission
D) are used to replicate programs

A) Secure Shell (SSH)
B) Secure Socket Layer (SSL)
C) File Transfer Protocol (FTP)
D) Post Office Protocol (POP)

A) flashcards
B) smart cards
C) biometric authentication
D) symmetric encryption

A) adware
B) Trojan horses
C) spyware
D) payloads

A) personal identification number
B) password
C) biometric detail
D) key

A) Position sensitivity is a type of data safeguard.
B) Documenting position sensitivity enables security personnel to prioritize their activities.
C) Documentation of position sensitivity is carried out only for highly sensitive jobs.
D) Documentation of position sensitivity is carried out only for new employees.

A) SMTP
B) SFTP
C) HTTPS
D) HTTP

A) With symmetric encryption, the same key is used for both encoding and decoding.
B) Asymmetric encryption is simpler and much faster than symmetric encryption.
C) With symmetric encryption, encoding and decoding are performed by two different keys.
D) Public key/private key is a special version of symmetric encryption used on the Internet.

A) application design
B) backup and recovery
C) accountability
D) procedure design

A) digital
B) standardized
C) encrypted
D) structured

A) It allows help-desk representatives to create new passwords for users.
B) It reduces the strength of the security system.
C) It protects the anonymity of a user.
D) It helps authenticate a user.

A) centralized reporting, preparation, and practice
B) account administration, systems procedures, and security monitoring
C) separation of duties, provision of least privilege, and position sensitivity
D) responsibility, accountability, and compliance

A) application design
B) procedure design
C) contingency plan
D) incident-response plan

A) create two passwords and switch back and forth between the two
B) immediately change the password they are given to a password of their own
C) maintain the same password they are given for all future authentication purposes
D) ensure that they do not change their passwords frequently, thereby reducing the risk of password loss

A) account administration
B) security monitoring
C) password management
D) data administration