Chapter 1 Review Questions

1. Each of the following is a reason why it is difficult to defend against today’s attackers except
_____________ .
C. complexity of attack tools

2. A(n) _____ attack takes advantage of vulnerabilities that have not been previously revealed.
A. zero day

3. _____ ensures that only authorized parties can view the information.
C. Confidentiality

4. Each of the following is a successive layer in which information security is achieved except
_________________.
D. Intrusion Wormhole Defense (IWD)

5. A(n) _____ is a person or thing that has the power to carry out a threat.
B. threat agent

6. Each of the following is a goal of information security except __________.

B. Decrease user productivity

7. The _____ requires that enterprises must guard protected health information and implement policies
and procedures to safeguard it.
A. Health Insurance Portability and Accountability Act (HIPAA)

8. Utility companies, telecommunications, and financial services are considered prime targets of _____
because attackers can significantly disrupt business and personal activities by destroying a few
targets.
A. cyberterrorists

9. After an attacker probed a computer or network for information she would next ________.
B. penetrate any defenses

10. An organization that purchased security products from different vendors in case an attacker
circumvented the Brand A device, yet would have more difficulty trying to break through a Brand B
device because they are different, is an example of ________.
D. diversity

11. _____ is a superset of information security and includes security issues that do not involve
computers.
C. Information assurance (IA)

12. _____ attacks come from multiple sources instead of a single source.
A. Distributed
13. _____ are a loose-knit network of attackers, identity thieves, and financial fraudsters.
A. Cybercriminals

14. Each of the following is a characteristic of cybercriminals except ________.

A. low motivation

15. Each of the following is a characteristic of cybercrime except ________.

D. exclusive use of worms and viruses

16. An example of a(n) _____ is a software defect in an operating system that allows an unauthorized
user to gain access to a computer without a password
A. vulnerability

17. _____ requires banks and financial institutions to alert customers of their policies and practices in
disclosing customer information and to protect all electronic and paper containing personally
identifiable financial information.
D. Gramm-Leach-Bliley Act (GLBA)

18. The term _____ is commonly used in a generic sense to identify anyone who illegally breaks into a
computer system.
A. hacker

19. An example of _____would be not revealing the type of computer, operating system, software, and
network connection a computer uses.
C. obscurity

20. The _____ is primarily responsible for assessment, management, and implementation of security.
A. Chief Information Security Officer (CISO)
 Chapter 2 Review Questions
1. A(n) _____ is a program that secretly attaches itself to a carrier such as a document or program and
then executes when that document is opened or program is launched.
A. virus

2. The first action that a virus takes once it infects a computer is to

D. replicate

3. Each of the following is a different type of computer virus except

B. remote virus

4. A computer program that pretends to clean up a hard drive but actually performs a malicious activity
is known as a(n)
A. Trojan

5. To remove a rootkit from a computer you should

C. reformat the hard drive and reinstall the operating system

6. Each of the following could be a logic bomb except

C. Send spam to all employees

7. _____ is a technique used by spammers to horizontally separate words so they are not trapped by a
filter yet can still be read by the human eye.
A. Word splitting

8. _____ is an image spam that is divided into multiple images and each piece of the message is
divided and then layered to create a complete and legible message.
A. GIF layering

9. _____ is a general term used for describing software that violates a user’s personal security.
D. Spyware

10. A(n) _____ is either a small hardware device or a program that monitors each keystroke a user types
on the computer's keyboard.
A. keylogger

11. Attackers use _____ to remotely control zombies.

D. Internet Relay Chat (IRC)

12. On modern computer systems the BIOS is stored on a _____ chip

C. Programmable Read Only Memory (PROM)
13. Each of the following is an advantage of a USB device except
A. slower speed

14. _____ is a single, dedicated hard disk-based file storage device that provides centralized and
consolidated disk storage that is available to users through a standard network connection.
B. Network Attached Storage (NAS)

15. Each of the following is an attack that can be used against cell phones except
D. Turn off the cell phone

16. The ability to move a virtual machine from one physical computer to another with no impact on
users is called ____.
D. live migration

17. The _____ is the software that runs on a physical computer and manages multiple virtual machine
operating systems.
B. hypervisor

18. _____ is exploiting a vulnerability in the software to gain access to resources that the user would
normally be restricted from obtaining.
D. Privilege escalation

19. Each of the following is the reason why adware is scorned except
D. It displays the attackers programming skills

20. An attacker who controls multiple zombies in a botnet is known as a(n)

A. Bot herder
 Chapter 3 Review Questions
1. A(n) _____ is a general software security update intended to cover vulnerabilities that have been
discovered.
C. patch

2. Each of the following is an advantage of an automated patch update service except

A. Users can download the patch immediately when it is released

3. Attackers use buffer overflows to

A. point to another area in data memory that contains the attacker’s malware
code

4. The Windows application _____ will not allow code in the memory area to be executed.
D. Data Execution Prevention (DEP)

5. Each of the following is a step that most security organizations take to configure operating system
protection except
D. Deploy nX randomization

6. A cookie that was not created by the Web site that attempts to access it is called a(n)
C. third-party cookie

7. _____ resides inside an HTML document

B. JavaScript

8. A Java applet _____ is a barrier that surrounds the applet to keep it away from resources on the local
computer.
B. sandbox

9. Address Space Layout Randomization (ASLR) randomly assigns _____ to one of several possible
locations in memory.
A. executable operating system code

10. The TCP/IP protocol _____ handles outgoing mail.

B. Simple Mail Transfer Protocol (SMTP)

11. Instant Messaging (IM) connects two systems

B. directly without using a server

12. With a(n) _____ network users do not search for a file but download advertised files.
A. BitTorrent
13. Another name for antivirus definition files is
A. signature files

14. The preferred location for an spam filter is

A. on the SMTP server

15. A(n) _____ is a list of pre-approved e-mail addresses that the user will accept mail from.
C. whitelist

16. Another name for a packet filter is a(n)

A. firewall

17. A(n) _____ works on the principle of comparing new behavior against normal behavior.
A. Host Intrusion Detection System (HIDS)

18. A(n) _____ is a cumulative package of all security updates plus additional features.
A. service pack

19. A(n) _____ is a method to configure a suite of configuration baseline security settings.
A. security template

20. A(n) _____ is a program that does not come from a trusted source.
D. unsigned Java applet
 Chapter 4 Review Questions
1. A network tap____________________.
B. is a separate device that can be installed between other network devices to
monitor traffic

2. Each of the following is a characteristic of a weak password except_________.

C. a password that is long

3. A(n) _____ is an account on a device that is created automatically to aid in installation and should be
deleted once that is completed.
A. default account

4. A(n) _____ attack attempts to consume network resources so that the devices cannot respond to
legitimate requests.
B. Denial of service

5. Wireless denial of service attacks are successful because wireless LANs use the protocol ________.
A. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)

6. A man-in-the-middle attack_________________.
B. intercepts legitimate communication and forges a fictitious response

7. The difference between a replay attack and a man-in-the-middle attack is________.

B. a replay attack makes a copy of the transmission before sending it to the
recipient

8. An example of an antiquated protocol that has been replaced by a more secure version is ________.
A. Simple Network Management Protocol (SNMP) Version 2

9. Where does the TCP/IP host table name system for a local device store a symbolic name to Internet
Protocol address mappings?
B. In a local hosts file

10. Attackers take advantage of Domain Name System _____ to send fraudulent DNS entries.
D. zone transfers

11. A more secure version of the Berkeley Internet Name Domain software is______.
D. DNSSEC

12. _____ is used for Ethernet local area networks to resolve Internet Protocol addresses.
A. ARP
13. An attack that takes advantage of the order of arrival of TCP packets is_______.
D. TCP/IP hijacking

14. War driving exploits _____, which is the wireless access point sending out information about its
presence and configuration settings.
B. beaconing

15. A group of Bluetooth piconets in which connections exist between different piconets is called
a(n)__________.
A. scatternet

16. _____ is the unauthorized access of information from a wireless device through a Bluetooth
connection.
D. Blue snarfing

17. In a(n) _____ attack the attacker overflows a switch’s address table with fake media access control
(MAC) addresses and makes the switch act like a hub, sending packets to all devices.
A. switch flooding

18. A back door can be created by each of the following except______________.

C. spam

19. Using _____, an attacker attempts to gather information to map the entire internal network of the
organization supporting the DNS server.
A. DNS transfer

20. Each of the following could be the result of an ARP poisoning attack except________.
A. change entries in a DNS zone transfer table
 Chapter 5 Review Questions
1. Subnetting ____________________.
B. is also called subnet addressing

2. A virtual LAN (VLAN) allows devices to be grouped _____________.

A. logically

3. Convergence combines voice, data, and video traffic ____________.

A. over a single IP network

4. Each of the following is a convergence security vulnerability except __________.

A. convergence resource attacks (CRA)

5. Which of the following is not true regarding a demilitarized zone (DMZ)?

A. It contains servers that are only used by internal network users

6. Network address translation (NAT) _________________.

C. removes private addresses when the packet leaves the network

7. Each of the following is a variation available in network access control (NAC) implementations
except ____________.
C. Network or local

8. Another name for a packet filter is a(n) __________________.

B. firewall

9. The _____ establishes the action that a firewall takes on a packet.

B. rule base

10. A(n) _____ intercepts internal user requests and then processes that request on behalf of the user.
A. proxy server

11. A reverse proxy _________________.

B. routes incoming requests to the correct server

12. A honeypot is used for each of the following except ____________.

B. filter packets before they reach the network

13. A(n) _____ watches for attacks but only takes limited action when one occurs.
A. network intrusion detection system (NIDS)
14. A multipurpose security appliance integrated into a router is known as a(n) _______.
B. integrated network security hardware device

15. Each of the following can be used to hide information about the internal network except ______.
D. protocol analyzer

16. The difference between a network intrusion detection system (NIDS) and a network intrusion
prevention system (NIPS) is ___________.
C. a NIPS can take extended actions to combat the attack

17. A variation of NAT that is commonly found on home routers is _______.

B. Port address translation (PAT)

18. If a device is determined to have an out-of-date virus signature file then Network Access Control
(NAC) can redirect that device to a network by _______.
A. Address Resolution Protocol (ARP) poisoning

19. Each of the following is an option in a firewall rule base except _______.
A. delay

20. A firewall using _____ is the most secure type of firewall.

D. stateless packet filtering
 Chapter 6 Review Questions
1. The amendment to add 5.5 Mbps and 11 Mbps to the IEEE 802.11 standard is ______.
B. IEEE 802.11b

2. Access to the wireless network can be restricted by _______.

A. MAC address filtering

3. The cyclic redundancy check (CRC) is also called the _______.

A. integrity check value (ICV)

4. A wireless network requires that the _____ be authenticated first.

C. wireless device

5. The Service Set Identifier (SSID) _____.

A. serves as the network name for a WLAN

6. The optional authentication method that forces the wireless device to encrypt challenge text using its
WEP encryption key is known as _____ .
B. shared key authentication

7. Each of the following is a weakness of open system authentication except _______.

D. open system authentication requires an authentication server

8. The weakness of WEP is that _____.

D. the initialization vectors (IVs) are repeated

9. The two models for personal wireless security developed by the Wi-Fi Alliance are Wi-Fi Protected
Access (WPA) and _____ .
D. Wi-Fi Protected Access 2 (WPA2)

10. The _____ replaces the cyclic redundancy check (CRC) and is designed to prevent an attacker from
capturing, altering, and resending a data packet.
A. Message Integrity Check (MIC)

11. The IEEE standard for wireless security is known as _____ .

C. IEEE 802.11i

12. A(n) _____ is designed to verify the authentication of wireless devices using IEEE 802.1x.
D. authentication server
13. Wireless switches are used in conjunction with _____ for increased security by moving security
features to the switch.
D. thin access points

14. Separate _____ can be used to support low-security guest Internet access and high-security
administrators on the same access point.
A. wireless virtual local area networks (VLANs)

15. Each of the following can be used to monitor airwaves for traffic except a(n) _____.
C. resource monitor probe

16. A WEP key that is 128 bits in length _____ .

A. has an initialization vector that is the same length as a WEP key of 64 bits

17. For a SOHO the best security model would be the _____
D. Wi-Fi Protected Access 2 Personal Security model

18. Preshared key (PSK) authentication requires that the encryption key _____.
A. must be entered on all devices prior to wireless communication occurring

19. _____ stores information from a device on the network so if a user roams away from a wireless
access point and later returns, he does not need to re-enter all of the credentials.
A. Key-caching

20. The _____ model is designed for medium to large-size organizations in which an authentication
server is available.
C. WPA 2 Enterprise Security
 Chapter 7 Review Questions
1. A user entering her username would correspond to the _____ action in access control.
A. identification

2. Access control can be accomplished by each of the following except ______.

A. resource management

3. A process functioning on behalf of the user that attempts to access a file is known as a(n) _______.
B. subject

4. The individual who periodically reviews security settings and maintains records of access by users is
called the _____.
B. custodian

5. In the _____ model, the end user cannot change any security settings.
B. Mandatory Access Control

6. Rule Based Access Control _____.

A. dynamically assigns roles to subjects based on rules

7. Separation of duties requires that _____.

C. processes should be divided between two or more individuals

8. _____ in access control means that if a condition is not explicitly met then it is to be rejected.
A. Implicit deny

9. A(n) _____ is a set of permissions that is attached to an object.

C. access control list (ACL)

10. _____ is a Microsoft Windows feature that provides centralized management and configuration of
computers and remote users who are using Active Directory.
D. Group Policy

11. Which of the following is NOT a characteristic of a brute force attack?

A. They are faster than dictionary attacks.

12. _____ create a large pre-generated data set of hashes from nearly every possible password
combination.
D. Rainbow tables

13. Which of the following is NOT a password policy defense against an attacker stealing a Windows
password file?
C. Disable all necessary accounts.

14. The Domain password policy _____ determines the number of unique new passwords a user must
use before an old password can be reused.
 D. enforce password history

15. A(n) _____ extends a solid metal bar into the door frame for extra security.
D. deadbolt lock

16. A(n) _____ uses buttons that must be pushed in the proper sequence to open the door.
D. cipher lock

17. An ID badge fitted with _____ makes it unnecessary to swipe or scan the badge for entry.
A. radio frequency (RFID) tags

18. Using video cameras to transmit a signal to a specific and limited set of receivers is called _____.
C. closed circuit television (CCTV)

19. The least restrictive access control model is _____.

B. Discretionary Access Control (DAC)

20. The principle known as _____ in access control means that each user should only be given the
minimal amount of privileges necessary for that person to perform their job function.
A. least privilege
 Chapter 8 Review Questions
1. Determining what a user did on a system is called _____.
D. accounting

2. Which of the following is NOT an authentication method?

C. what a user discovers

3. One-time passwords that utilize a token with an algorithm and synchronized time setting is known as
a(n) __________.
C. time-synchronized OTP

4. Which of the following is a difference between a time-synchronized OTP and a challenge-based

OTP?
B. User must enter the challenge into the token with a challenge-based OTP.

5. Keystroke dynamics is an example of what type of biometrics?

A. behavioral biometrics

6. Creating a pattern of when and from where a user accesses a remote Web account is an example of
________.
A. computer footprinting

7. _____ is a decentralized open source FIM that does not require specific software to be installed on
the desktop.
B. OpenID

8. A RADIUS authentication server requires that the _____ must be authenticated first.
A. supplicant

9. Each of the following make up the AAA elements in network security except _______.
A. determining user need (analyzing)

10. Each of the following human characteristics can be used for biometric identification except ______.
A. weight

11. _____ biometrics is related to the perception, thought processes, and understanding of the user.
C. Cognitive

12. Using one authentication to access multiple accounts or applications is known as _______.
D. single sign-on
13. With the development of IEEE 802.1x port security, the authentication server _____ has seen even
greater usage.
B. RADIUS

14. A(n) _____ makes a request to join the network.

D. supplicant

15. _____ is an authentication protocol available as a free download and runs on Microsoft Windows
Vista, Windows Server 2008, Apple Mac OS X, and Linux.
C. Kerberos

16. The version of the X.500 standard that runs on a personal computer over TCP/IP is_____.
B. LDAP

17. The management protocol of IEEE 802.1x that governs the interaction between the system,
authenticator, and RADIUS server is known as _____.
D. Extensible Authentication Protocol (EAP)

18. Which of the following protocols is the strongest?

A. EAP with Transport Layer Security (EAP-TLS)

19. A user-to-LAN virtual private network connection used by remote users is called a(n) _____.
B. remote –access VPN

20. Endpoints that provide _____ capability require that a separate VPN client application be installed
on each device that connects to a VPN server.
C. pass-through VPN
 Chapter 9 Review Questions
1. In information security a(n) _____ is the likelihood that a threat agent will exploit a vulnerability.
C. risk

2. _____ is a systematic and structured approach to managing the potential for loss that is related to a
threat.
D. Risk management

3. Each of the following is a step in risk management except ______.

D. attack assessment

4. Which of the following is NOT an asset classification?

D. Logical assets

5. A threat agent _____.

D. is any person or thing with the power to carry out a threat against an asset

6. _____ constructs scenarios of the types of threats that assets can face in order to learn who the
attackers are, why they attack, and what types of attacks may occur
D. Threat modeling

7. _____ is a current snapshot of the security of an organization.

D. Vulnerability appraisal

8. The _____ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
D. Exposure Factor (EF)

9. Which of the following is NOT an option for dealing with risk?

B. Eliminate the risk

10. TCP/IP port numbers ________.

C. identify the process that receives the transmission

11. Each of the following is a state of a port that can be returned by a port scanner except _____.
A. busy

12. Each of the following is true regarding TCP SYN port scanning except ______.
C. it uses FIN messages that can pass through firewalls and avoid detection.

13. Network mappers utilize the TCP/IP protocol _____.

D. Internet Control Message Protocol (ICMP)
14. A protocol analyzer places the computer’s network interface card (NIC) adapter into _____ mode.
B. promiscuous

15. Each of the following is a function of a vulnerability scanner except ______.

D. alert users when a new patch cannot be found

16. Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?
D. It attempts to standardize vulnerability assessments.

17. A UNIX and Linux defense that does not store password hashes in a world-readable file is known as
a _________.
A. shadow password

18. _____ is a method of evaluating the security of a computer system or network by simulating a
malicious attack.
D. Penetration testing

19. Protocol analyzers can _______.

D. fully decode application-layer network protocols

20. Network mappers _______.

D. can send a request packet to each system within a range of IP addresses
 Chapter 10 Review Questions
1. Reviewing a subject’s privileges over an object is known as _____.
A. privilege auditing

2. _____ is the process of assigning and revoking privileges to objects and covers the procedures of
managing object authorizations.
A. Privilege management

3. One of the disadvantages of centralized privilege management is that ______.

D. users may have to wait longer for requested changes to security privileges

4. The individual elements or settings within group policies are known as ______.
A. Group Policy Objects (GPOs)

5. _____ is a set of strategies for administering, maintaining, and managing computer storage systems
in order to retain data.
D. Information lifecycle management (ILM)

6. _____ assigns a level of business importance, availability, sensitivity, security and regulation
requirements to data.
C. Data classification

7. When grouping data into categories, which of the following is NOT a question that is asked of users
regarding their use of data?
D. How was it first created?

8. _____ typically involves an examination of which subjects are accessing specific objects and how
frequently.
A. Usage auditing

9. When permissions are assigned to a folder, any current subfolders and files within that folder _____.
A. inherit the same permissions

10. GPOs that are inherited from parent containers are processed first followed by _____.
A. the order that policies were linked to a container object

11. Each of the following has contributed to an increase in the number of logs generated except ______.
A. faster network access

12. Each of the following is an example of a security application log except ______,
B. Domain Name System (DNS) servers
13. If a firewall log reveals a high number of probes to ports that have no application services running
on them, this could indicate ______.
A. attackers are trying to determine if the ports and corresponding
applications are already in use

14. A(n) _____ is an occurrence within a software system that is communicated to users or other
programs outside the operating system.
C. event

15. Client request and server responses are found in which type of logs?
A. System event logs

16. Each of the following is an advantage to using logs except ______.

D. logs can be useful for identifying user passwords that may have been lost

17. Each of the following is a challenge to log management except ______.

A. single standard for log formats

18. ___ refers to a methodology for making changes and keeping track of those changes, often manually.
A. Change management

19. A group that oversees changes is known as a(n) _______.

A. Change Management Team (CMT)

20. Each of the following is a monitoring mechanism except ______.

C. Risk-based monitoring
 Chapter 11 Review Questions
1. The areas of a file in which steganography can hide data including all of the following except
______.
D. in the directory structure of the file system

2. Data that is to be encrypted by inputting into an algorithm is called ______.

D. plaintext

3. Each of the following is a basic security protection over information that cryptography can provide
except ______.
B. stop loss

4. Proving that a user sent an e-mail message is known as ______.

A. non-repudiation

5. A(n) _____ is never intended to be decrypted but is only used for comparison purposes.
D. digest

6. Each of the following is an example of how hashing is used except ______.

D. encrypting and decrypting e-mail attachments

7. Which of the following is NOT a characteristic of a secure hash algorithm?

D. Collisions should be rare.

8. The data added to a section of text when using the Message Digest (MD) algorithm is called ______.
C. padding

9. Which of the following is a protection provided by hashing?

B. integrity

10. Symmetric cryptographic algorithms are also called ______.

D. private key cryptography

11. Monoalphabetic substitution ciphers and homoalphabetic substitution ciphers are examples of
______.
A. symmetric stream ciphers

12. Which of the following is the strongest symmetric cryptographic algorithm?

C. Advanced Encryption Standard

13. When Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm,
which key does he use to encrypt the message?
B. Alice's public key
14. A digital signature can provide each of the following benefits except ______.
A. verify the receiver

15. Which of the following asymmetric cryptographic algorithms is the most secure?
A. RSA

16. _____ uses the Windows NTFS file system to automatically encrypt all files.
A. Encrypting File System (EFS)

17. The Microsoft Windows BitLocker whole disk encryption cryptography technology can protect each
of the following except ______.
D. Domain name system files

18. The Trusted Platform Module (TPM) _____.

C. provides cryptographic services in hardware instead of software

19. Most security experts recommend that _____ be replaced with a more secure algorithm.
A. DES

20. The Microsoft Windows LAN Manager hash ______.

E. is weaker than NTLMv2
 Chapter 12 Review Questions
1. The strongest technology that would assure Alice that Bob is the sender of a message is a(n) ______.
B. digital certificate

2. A digital certificate associates ________.

A. the user’s identity with their public key

3. An entity that issues digital certificates for others is a(n) ________.

A. Certificate Authority (CA)

4. A list of approved digital certificates is called a(n) ________.

B. Certificate Repository (CR)

5. Digital certificates can be used for each of the following except ________.
C. Verify the authenticity of the Registration Authorizer

6. In order to ensure a secure cryptographic connection between a Web browser and a Web server a
_____ digital certificate would be used.
D. server digital certificate

7. A digital certificate that turns the address bar green is a(n) ________.
A. Extended Validation SSL Certificate

8. Digital certificates that are split into two parts are known as _____ certificates.
C. dual-sided

9. Which of the following is NOT a field of an X.509 certificate?

D. CA expiration code

10. Public key infrastructure (PKI) ________.

C. is the management of digital certificates

11. Public-Key Cryptography Standards (PKCS) ________.

B. are widely accepted in the industry

12. The ______ trust model supports CA.

C. third party

13. Hierarchical trust models are best suited for ________.

B. single organizations

14. A(n) _____ is a published set of rules that govern the operation of a PKI.
D. certificate policy (CP)
15. Each of the following is a part of the certificate life cycle except ________.
C. Authorization

16. Keys can be stored in each of the following except ________.

D. in hashes

17. _____ refers to a situation in which keys are managed by a third-party, such as a trusted CA.
A. Key escrow

18. A cryptographic transport protocol for FTP is ________.

D. Secure Sockets Layer (SSL)

19. What is the cryptographic transport protocol that is used most often to secure Web transactions?
A. HTTPS

20. Which is the most secure VPN cryptographic transport protocol?

C. IPsec
 Chapter 13 Review Questions
1. Each of the following is required for a fire to occur except ______.
C. a spark to start the process

2. An electrical fire like that which would be found in a computer data center is known as what type of
fire?
C. Class C

3. Each of the following is a category of fire suppression systems except a ______.

A. wet chemical system

4. Van Eck phreaking is _______.

A. picking up electromagnetic fields generated by a computer system

5. Plenums are ______.

A. the air-handling space above drop ceilings

6. A standby server exists only to take over for another server in the event of its failure is known as
a(n) _______.
D. asymmetric server cluster

7. “RAID” is an abbreviation of ________.

B. Redundant Array of Independent Drives

8. RAID _____ uses disk mirroring and is considered fault-tolerant.

B. Level 1

9. An example of a nested RAID is

A. Level 0+1

10. A(n) _____ is always running off its battery while the main power runs the battery charger.
A. on-line UPS

11. A UPS can perform each of the following except _______.

D. prevent certain applications from launching that will consume too much
power

12. A(n) _____ is essentially a duplicate of the production site and has all the equipment needed for an
organization to continue running.
B. hot site
13. Which of the following is NOT a characteristic of a disaster recovery plan (DRP)?
A. It is a private document only used by top-level administrators for planning.

14. Each of the following is a basic question to be asked regarding creating a data backup except _____.
C. how long will it take to finish the backup?

15. Any time the contents of that file are changed, the archive bit is changed to _____ meaning that this
modified file now needs to be backed up.
B. 1

16. An incremental backup ______.

C. copies all files changed since last full or incremental backup

17. In a grandfather-father-son backup system the weekly backup is called the _____.
B. father

18. _____ is the maximum length of time that an organization can tolerate between data backups.
A. Recovery point objective (RPO)

19. A data backup solution that uses the magnetic disk as a temporary storage area is _____ .
D. disk to disk to tape (D2D2T)

20. When an unauthorized event occurs, the first duty of the computer forensics response should be to
_____.
B. secure the crime scene
 Chapter 14 Review Questions
1. Which of the following is not an approach to trust?
A. Trust authorized individuals only.

2. Which of the following characterizes the attitude that system support personnel generally have
toward security?
B. They are concerned about the ease of managing systems under tight
security controls.

3. A(n) _____ is a collection of suggestions that should be implemented.

D. guideline

4. Which of the following is not a characteristic of a policy?

D. Policies communicate a unanimous agreement of judgment.

5. Each of the following is a step in the risk management study except _____.
B. threat appraisal

6. Each of the following is what a security policy must do except _____.

A. state reasons why the policy is necessary

7. Each of the following should serve on a security policy development team except ______.
C. representative from an antivirus vendor

8. _____ is defined as the obligations that are imposed on owners and operators of assets to exercise
reasonable care of the assets and take necessary precautions to protect them.
D. Due care

9. Each of the following is a guideline for developing a security policy except ______.
D. require all users to approve the policy before it is implemented

10. A(n) _____ defines the actions users may perform while accessing systems and networking
equipment.
D. acceptable use policy

11. A password management and complexity policy will encourage users to avoid weak passwords by
recommending each of the following except _______.
C. do not use alphabetic characters

12. A Personally Identifiable Information (PII) policy ______.

B. outlines how the organization uses information it collects
13. When a file is deleted using Microsoft Windows, _______.
A. the information itself remains on the hard drive until it is overwritten by
new files

14. Each of the following is usually contained in a service level agreement except ______.
C. requirements for PII

15. A classification of information policy is designed to produce a standardized framework for

classifying _____.
D. information assets

16. _____ may be defined as the study of what people understand to be good and right behavior and how
people make those judgments.
A. Ethics

17. For adult learners a(n) _____ approach (the art of helping an adult learn) is often preferred.
D. andragogical

18. Social engineering ______.

A. relies on tricking and deceiving someone to provide secure information

19. _____ is a technique that targets only specific users.

A. Spear phishing

20. Watching an individual enter a security code on a keypad without her permission is known as
_______.
A. shoulder surfing