
Test - Info Security Test 1 - Quizlet

This document is an information security quiz with 7 matching questions and 7 multiple choice questions. The matching questions cover topics like threats, vulnerabilities, containment, DMZs, and service bureaus. The multiple choice questions ask about the purpose of the PATRIOT Act, denial-of-service attacks, contingency planning, residual risk, integrity, and employee threats. It also includes 6 true/false questions about hacker skills, law vs. ethics, firewall relationships, DoS vs. DDoS attacks, polymorphism, and confidentiality.

Uploaded by

Ron Billz

8/8/2020 Test: Info Security Test 1 | Quizlet

NAME

7 Matching questions

1. warm site
2. threat
3. What are vulnerabilities? How do you identify them?
4. dictionary
5. Containment
6. What is a DMZ
7. service bureau

A. a category of objects, people, or other entities that represents a potential danger to an asset. They are always present
B. specific avenues that threat agents can exploit to attack an information asset. They are a flaw or weakness in an information asset
C. A form of brute force for guessing passwords. The dictionary attack selects specific accounts and uses a list of common passwords to make guesses.
D. provides many of the same services and options as a hot site. However, it typically does not include the actual applications the company needs, or the applications may not yet be installed and configured.
E. an agency that provides a service for a fee. In the case of disaster recovery and continuity planning, the service is the agreement to provide physical facilities during and after a disaster. These types of agencies also frequently provide off-site data storage for a fee. Contracts can be carefully created with service bureaus to specify exactly what the organization needs without having to reserve dedicated facilities.
F. the process of determining which systems have been attacked and removing their ability to attack uncompromised systems.
G. is the network segment that may be engineered between the external access to a network and the internal areas.

7 Multiple choice questions

1. has a higher probability of success; has strong upper management support, a dedicated champion, usually dedicated funding, a clear planning and implementation process, and the means of influencing organizational culture
A. What is the primary purpose of the USA PATRIOT Act?
B. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
C. Why is the top-down approach to information security superior to the bottom-up approach?
D. What questions must be addressed when selecting a firewall for a specific organization?

https://quizlet.com/74317104/test 1/4

2. a software filter—technically not a firewall—that allows administrators to restrict access to content from within a network.
A. What is a content filter?
B. What is stateful inspection?
C. What is the primary purpose of the USA PATRIOT Act?
D. What is a VPN?

3. all planning conducted by the organization to prepare for, react to, and recover from events that threaten its security of information and information assets
three types: incident response plans, disaster recovery plans, and business continuity plans
A. mutual agreement
B. When is DR plan used?
C. When is the BC plan used?
D. Contingency planning

4. When vulnerabilities have been controlled as much as possible, any remaining risk that has not been removed, shifted, or planned for
A. password crack
B. residual risk
C. Containment
D. brute force

5. the value associated with the most likely loss from an attack. It is a calculation based on an asset's value and the expected percentage of loss from one occurrence of a particular attack.
A. single loss expectancy
B. cold site
C. residual risk
D. cost-benefit analysis

6. assurance that the information is complete and uncorrupted
A. dictionary
B. integrity
C. confidentiality
D. Containment


7. they are the people closest to the organization's data and they have access to it. Employee mistakes can easily lead to the revelation of classified data, entry of erroneous data, accidental data deletion or modification, storage of data in unprotected areas, and failure to protect information.
A. Why is the top-down approach to information security superior to the bottom-up approach?
B. Why are employees one of the greatest threats to information security?
C. What is a sacrificial host? What is a bastion host?
D. What is a buffer overflow, and how is it used against a Web server?

6 True/False questions

1. expert hacker develops software scripts and codes to exploit relatively unknown vulnerabilities; master of several languages and OS

unskilled hackers use scripts and code developed by skilled hackers; rarely write own hacks, unskilled in programming languages → Why is the top-down approach to information security superior to the bottom-up approach?

True

False

2. laws- rules that mandate or prohibit certain behavior in society (have a governing authority, ethics do not)
ethics- define socially acceptable behavior → What is the difference between law and ethics?

True

False

3. The application layer firewall takes into consideration the nature of the applications that are being run, including the type and timing of the network connection requests as well as the type and nature of the traffic that is generated. The packet-filtering firewall simply looks at the packets as they are transferred. → What is the typical relationship among the untrusted network, the firewall, and the trusted network?

True

False

4. DoS-occurs when an attacker sends a large number of connection or information requests to a target
DDoS-occurs when a coordinated stream of requests is launched against a target from many locations at the same time
DDoS is more dangerous b/c more difficult to defend against with no controls any org can apply → What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?

True

False

5. makes malicious code more difficult to detect; code changes over time → Why does polymorphism cause greater concern than traditional malware? How does it affect detection?

True

False


6. assurance that information is shared only among authorized people or organizations → availability

True

False
