11.The SSL record protocol provides two services for SSL connection: 

11.The SSL record protocol provides two services for SSL connection:  message integrity and _________. 12.The _________ is used to convey SSL-related alerts to the peer entity. 13.A security association is uniquely identified by three parameters:  security parameter index, protocol identifier, and ________________. 14.IP-level security encompasses three functional areas:  authentication, confidentiality, and _________. 15.IPsec provides.

Homework Answers

2 Views

11.Network and host __________ monitor and analyze network and host

11.Network and host __________ monitor and analyze network and host activity and usually compare this information with a collection of attack signatures to identify potential security incidents. 12.The goal of the _______ function is to ensure that all information destined for the incident handling service is channeled through a single focal.

Homework Answers

2 Views

TF11.  In using encryption, we need to decide what to

TF11.  In using encryption, we need to decide what to encrypt and where the encryption gear should be located. TF12.  One disadvantage of the link encryption approach is that the message must be decrypted each time it enters a frame switch. TF13. “The plaintext is 64 bits in length and the key is 56.

Homework Answers

2 Views

  SHORT ANSWER QUESTIONS: 1.________ a security enhancement to the MIME Internet

  SHORT ANSWER QUESTIONS: 1.________ is a security enhancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. 2.S/MIME content-types support four new functions:  enveloped data, __________, clear-signed data, and signed and enveloped data. 3.A _________ is formed by taking the message digest of the content to be signed.

Homework Answers

2 Views

11.  ________ a process where authentication and permission will be

11.  ________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user. A.  IntegrationB.  Registration C.  SynchronizationD.  Federation 12.  _______ is a minimal set of conventions for invoking code using XML over HTTP that.

Homework Answers

2 Views

11.To deal with the threat of smoke, the responsible manager

11.To deal with the threat of smoke, the responsible manager should install _______ in every room that contains computer equipment as well as under raised floors and over suspended ceilings. 12.A(n) ________ is a battery backup unit that can maintain power to processors, monitors, and other equipment and can also function.

Homework Answers

2 Views

11.   __________ a term that refers to the means of

11.   __________ is a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key. A.  Session keyB.  Subkey C.  Key distribution techniqueD.  Ciphertext key 12.  A ________ is a key used between entities for the purpose of distributing.

Homework Answers

2 Views

  Chapter 20 – Symmetric Encryption and Message Confidentiality   TRUE/FALSE QUESTIONS: TF1.Symmetric encryption

  Chapter 20 – Symmetric Encryption and Message Confidentiality   TRUE/FALSE QUESTIONS: TF1.Symmetric encryption is also referred to as secret-key or single-key encryption. TF2.   Plaintext is the scrambled message produced as output. TF3.  If both sender and receiver use the same key the system is referred to as asymmetric. TF4.  The ciphertext-only attack is the easiest to defend against. TF5. .

Homework Answers

2 Views

11.   ________ can include computer viruses, Trojan horse programs, worms,

11.   ________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits. A.  ArtifactsB.  Vulnerabilities C.  CSIRTD.  Constituencies 12.  A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______. A.  CIRTB.  CIRC C.  CSIRTD.  all of the.

Homework Answers

2 Views

11.Contingency planning falls into the _________ class of security controls. 12._________

11.Contingency planning falls into the _________ class of security controls. 12._________ controls focus on preventing security beaches from occurring by inhibiting attempts to violate security policies or exploit a vulnerability. 13.The ________ audit process should be conducted on new IT systems and services once they are implanted; and on existing systems periodically,.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1._________ the original message or data that fed

  MULTIPLE CHOICE QUESTIONS: 1._________ is the original message or data that is fed into the algorithm as input. A.  PlaintextB.  Encryption algorithm C.  Decryption algorithmD.  Ciphertext 2.  The exact substitutions and transformations performed by the algorithm depend        on the ________. A.  ciphertextB.  decryption algorithm C.  secret keyD.  encryption algorithm 3.  The _________ is the encryption algorithm run.

Homework Answers

2 Views

  SHORT ANSWER QUESTIONS:   1._______ or cybercrime, a term used broadly to

  SHORT ANSWER QUESTIONS:   1._______ or cybercrime, is a term used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity. 2.The 2001 _________ is the first international treaty seeking to address Internet crimes by harmonizing national laws, improving investigative techniques,.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1.  _______ a form of crime that targets

  MULTIPLE CHOICE QUESTIONS: 1.  _______ is a form of crime that targets a computer system to acquire information stored on that computer system, to control the target system without authorization or payment, or to alter the integrity of data or interfere with the availability of the computer or server. A.  Computers as.

Homework Answers

2 Views

TF11.  The principal objective for developing a PKI to enable

TF11.  The principal objective for developing a PKI is to enable secure, convenient, and efficient acquisition of private keys. TF12.  Initialization begins the process of enrolling in a PKI. TF13.  Update is not required when the certificate lifetime expires or as a result of certificate revocation. TF14.  CMP, defined in RFC 2510, is designed to.

Homework Answers

2 Views

11.Messages in the BSD syslog format consist of three parts: 

11.Messages in the BSD syslog format consist of three parts:  PRI, Header, and ___. 12.The ______ repository contains the auditing code to be inserted into an application. 13.______ is the process of defining normal versus unusual events and patterns. 14.______ is detection of events within a given set of parameters, such as within.

Homework Answers

2 Views

11.  A ________ provides distribution channels, such as an online

11.  A ________ provides distribution channels, such as an online shop or a Web retailer. A.  content providerB.  distributor C.  consumerD.  clearinghouse 12.  ________ ensures that a user may make multiple uses of resources or services without others being able to link these uses together. A.  AnonymityB.  Pseudonymity C.  UnobservabilityD.  Unlinkability 13.  ________ is a function.

Homework Answers

2 Views

. Chapter 22 – Internet Security Protocols and Standards   TRUE/FALSE QUESTIONS: TF1. MIME

. Chapter 22 – Internet Security Protocols and Standards   TRUE/FALSE QUESTIONS: TF1. MIME is an extension to the old RFC 822 specification of an Internet mail format. TF2.  MIME provides the ability to sign and/or encrypt e-mail messages. TF3.  Recipients without S/MIME capability can view the message content, although they cannot verify the signature. TF4.  The recipient of.

Homework Answers

2 Views

11.“Must support hash value lengths of 224, 256,384, and 512

11.“Must support hash value lengths of 224, 256,384, and 512 bits” and “algorithm must process small blocks at a time instead of requiring the entire message to be buffered in memory before processing it” are requirements for ________. 12.If speed isa concern, it is fully acceptable to use _________ rather than.

Homework Answers

2 Views

Windows-7-Operating-system-Application-Software-Scroll-bar-Scroll-arrow-Scroll-box-User-accounts-Password-User-icon-Logging-on-Welcome-screen-Restart-command-Sleep-command-Shut-down-command-Recycle-b

A PHP Error was encountered

Severity: Notice

Message: Undefined index: cardCount

Filename: Subject/all_index_subject_page.php

Line Number: 168

Backtrace:

File: /var/www/html/application/views/Subject/all_index_subject_page.php
Line: 168
Function: _error_handler

File: /var/www/html/application/controllers/Subjects.php
Line: 121
Function: view

File: /var/www/html/index.php
Line: 320
Function: require_once

Flashcards

108 Learners

    SHORT ANSWER QUESTIONS: 1._________ a form of auditing that focuses the

    SHORT ANSWER QUESTIONS: 1._________ is a form of auditing that focuses on the security of an organization’s IS assets. 2.A _________is a chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event.

Homework Answers

2 Views

  SHORT ANSWER QUESTIONS: 1._______ systems automated methods of verifying or recognizing

  SHORT ANSWER QUESTIONS: 1._______ systems are automated methods of verifying or recognizing identity on the basis of some physiological or behavioral characteristic. 2.A software utility initially developed at MIT and available both in the public domain and in commercially supported versions, ________ is the defacto standard for remote authentication. 3.An alternative to each.

Homework Answers

2 Views

11.The ___________ Act places restrictions online organizations in the collection

11.The ___________ Act places restrictions on online organizations in the collection of data from children under the age of 13. 12. Privacy is broken down into four major areas:  anonymity, unlinkability, unobservability, and _________. 13. _______ refers to a system of moral principles that relates to the benefits and harms of particular.

Homework Answers

2 Views

TF11.Low-intensity devices such as cellular telephones do not interfere with electronic

TF11.Low-intensity devices such as cellular telephones do not interfere with electronic equipment. TF12.  Human-caused threats are less predictable than other types of physical threats. TF13.Unauthorized physical access can lead to other threats. TF14.Physical access control should address not just computers and other IS equipment but also locations of wiring used to connect systems,equipment and distribution systems,.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1.SHA-1 produces a hash value of __________ bits. A. 

  MULTIPLE CHOICE QUESTIONS: 1.SHA-1 produces a hash value of __________ bits. A.  256B.  160 C.  384D.  180 2.  In 2005, NIST announced theintention to phase out approval of _______ and move to a reliance on the other SHAversions by 2010. A.  SHA-1B.  SHA-512 C.  SHA-256D.  SHA-2 3.  Issued as RFC 2104, __________ has been chosen as the.

Homework Answers

2 Views

11.  ___________ was the first published public-key algorithm. A.  NISTB.  Diffie-Hellman C. 

11.  ___________ was the first published public-key algorithm. A.  NISTB.  Diffie-Hellman C.  RC4D.  RSA 12.  The National Institute of Standards and Technology has published Federal Information Processing Standard FIPS PUB 186, known as the __________. A.  XORB.  MD5 C.  MACD.  DSS 13.  The __________ uses an algorithm that is designed to provide only the digital signature.

Homework Answers

2 Views

11.Severe messages, such as immediate system shutdown, a(n) _____  severity. A. 

11.Severe messages, such as immediate system shutdown, is a(n) _____  severity. A.  alertB.  emerg C.  critD.  warning 12.System conditions requiring immediate attention is a(n) _______ severity. A.  alertB.  err C.  noticeD.  emert 13.With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the.

Homework Answers

2 Views

11.In a generic identity management architecture _______ entities that obtain

11.In a generic identity management architecture _______ are entities that obtain and employ data maintained and provided by identity and attribute providers, often to support authorization decisions and to collect audit information. 12._______ is an XML-based language for the exchange of security information between online business partners. 13.________ is a set of.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1._____ defines a number of content formats, which

  MULTIPLE CHOICE QUESTIONS: 1._____ defines a number of content formats, which standardize representations for the support of multimedia e-mail. A.  MEMB.  MIME C.  MSCD.  DKIM 2.  The ________ function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients. A.  clear-signed dataB.  signed data C.  enveloped dataD.  signed and enveloped.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1.________ security protects computer-based data from software-based and

  MULTIPLE CHOICE QUESTIONS: 1.________ security protects computer-based data from software-based and communication-based threats. A.  InfrastructureB.  Premises C.  PhysicalD.  Logical 2.  ________ security provides perimeter security, access control, smoke and fire detection, fire suppression, some environmental protection, and usually surveillance systems, alarms, and guards. A.  PremisesB.  Infrastructure C.  LogicalD.  Physical 3.  ________ includes data processing and storage equipment,.

Homework Answers

2 Views

  Chapter 23 – Internet Authentication Applications   TRUE/FALSE QUESTIONS: TF1.The approach taken by

  Chapter 23 – Internet Authentication Applications   TRUE/FALSE QUESTIONS: TF1.The approach taken by Kerberos is using authentication software tied to a secure authentication server. TF2.  The overall scheme of Kerberos is that of a trusted third-party authentication service. TF3.  Kerberos is designed to counter only one specific threat to the security of a client/server dialogue. TF4.  An obvious security.

Homework Answers

2 Views

11.  _______ a list that contains the combinations of cryptographic

11.  _______ is a list that contains the combinations of cryptographic algorithms supported by the client. A.  Compression methodB.  Session ID C.  CipherSuiteD.  All of the above 12.  ESP supports two modes of use:  transport and _________. A.  paddingB.  tunnel C.  payloadD.  sequence 13.  IPsec can assure that _________. A.  a router advertisement comes from an authorized.

Homework Answers

2 Views

  SHORT ANSWER QUESTIONS: 1.A _________ an organization’s IT systems identifies areas

  SHORT ANSWER QUESTIONS: 1.A _________ on an organization’s IT systems identifies areas needing treatment. 2.________ is a means of managing risk, including policies, procedures, guidelines, practices, or organizational structures. 3.The three steps for IT security management controls and implementation are:  prioritize risks, respond to risks, and __________ . 4.________ controls involve the correct use.

Homework Answers

2 Views

  Chapter 16 – Physical and Infrastructure Security   TRUE/FALSE QUESTIONS:   TF1.  To implement

  Chapter 16 – Physical and Infrastructure Security   TRUE/FALSE QUESTIONS:   TF1.  To implement a physical security program an organization must conduct a risk assessment to determine the amount of resources to devote to physical security and the allocation of those resources against the various threats. TF2. Physical security must also prevent any type of physical.

Homework Answers

2 Views

  SHORT ANSWER QUESTIONS: 1.The Secure Hash Algorithm (SHA) was developed by

  SHORT ANSWER QUESTIONS: 1.The Secure Hash Algorithm (SHA) was developed by the _________ and published as a federal information processing standard (FIPS 180) in 1993. 2.Versions of SHA, with hash value lengths of 256, 384, and 512 bits, (SHA-256, SHA-384, and SHA 512) are collectively known as _________. 3.The evaluation criteria for the.

Homework Answers

2 Views

TF11.  Security education most often taught by outside sources. TF12.   An

TF11.  Security education is most often taught by outside sources. TF12.   An employer cannot be held liable for negligent hiring if an employee causes harm to a third party while acting as an employee. TF13.  As part of their contractual obligation, employees should agree and sign the terms and conditions of their employment contract,.

Homework Answers

2 Views

11.With _________ encryption the encryption process carried out at the

11.With _________ encryption the encryption process is carried out at the two end systems. 12.With ______ encryption each vulnerable communications link is equipped on both ends with an encryption device. 13.For symmetric encryption to work the two parties to an exchange must share the same _____, which must be protected from access.

Homework Answers

2 Views

TF11.  Protection of the audit trail involves both integrity and

TF11.  Protection of the audit trail involves both integrity and confidentiality. TF12.  The foundation of a security auditing facility is the initial capture of the audit data. TF13.  All UNIX implementations will have the same variants of the syslog facility. TF14.  Thresholding is a form of baseline analysis. TF15.  Applications, especially applications with a certain level.

Homework Answers

2 Views

  SHORT ANSWER QUESTIONS:   1._________ security, also called infrastructure security, protects the

  SHORT ANSWER QUESTIONS:   1._________ security, also called infrastructure security, protects the information systems that contain data and the people who use, operate, and maintain the systems. 2.Physical security threats are organized into three categories:  environmental threats, human-caused threats, and _________ threats. 3.Tornados, tropical cyclones, earthquakes, blizzards, lightning, and floods are all types of.

Homework Answers

2 Views

TF11.  DKIM designed to provide an e-mail authentication technique that is

TF11.  DKIM is designed to provide an e-mail authentication technique that is transparent to the end user. TF12.  Most browsers come equipped with SSL and most Web servers have implemented the protocol. TF13.  Search engines support HTTPS. TF14.  The IAB included authentication and encryption as necessary security features in IPv6. TF15.  Transport mode provides protection primarily for.

Homework Answers

2 Views

SHORT ANSWER QUESTIONS: 1.The principal problems associated with employee behavior errors

SHORT ANSWER QUESTIONS: 1.The principal problems associated with employee behavior are errors and omissions, _______, and actions by disgruntled employees. 2.There is a need for a continuum of learning programs that starts with _______, builds to training, and evolves into education. 3.The four layers of the learning continuum as summarized by NIST SP.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1.Security auditing can: A.provide data that can be used

  MULTIPLE CHOICE QUESTIONS: 1.Security auditing can: A.provide data that can be used to define anomalous behavior B.maintain a record useful in computer forensics C.generate data that can be used in after-the-fact analysis of an attack D.all of the above 2.A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy.

Homework Answers

2 Views

  SHORT ANSWER QUESTIONS:   1.A symmetric encryption scheme has five ingredients:  plaintext,

  SHORT ANSWER QUESTIONS:   1.A symmetric encryption scheme has five ingredients:  plaintext, encryption algorithm, ciphertext, decryption algorithm and _________. 2._________ is the process of attempting to discover the plaintext or key. 3.A ________ cipher processes the input one block of elements at a time, producing an output block for each input block. 4.A ________ cipher.

Homework Answers

2 Views

  Chapter 21 – Public-Key Cryptography and Message Authentication   TRUE/FALSE QUESTIONS: TF1.The one-way

  Chapter 21 – Public-Key Cryptography and Message Authentication   TRUE/FALSE QUESTIONS: TF1.The one-way hash function is important not only in message authentication but also in digital signatures. TF2.  SHA is perhaps the most widely used family of hash functions. TF3.  SHA-1 is considered to be very secure. TF4.  SHA-2 shares the same structure and mathematical operations as.

Homework Answers

2 Views

11.  The ______ an optional key that may be present

11.  The ______ is an optional key that may be present on any PIV card, does not require PIN entry, and whose purpose is to authenticate the card and therefore its possessor. A.  VISB.  BIO C.  CHUIDD.  CAK 12.  The role of physical security is affected by the operating location of the information.

Homework Answers

2 Views

TF11.  The purpose of the privacy functions to provide a

TF11.  The purpose of the privacy functions is to provide a user protection against discovery and misuse of identity by other users. TF12.  The Common Criteria specification is primarily concerned with the privacy of personal information concerning the individual rather than the privacy of an individual with respect to that individual’s use of.

Homework Answers

2 Views

  Chapter 17 – Human Resources Security   TRUE/FALSE QUESTIONS:   TF1.  Complying with regulations

  Chapter 17 – Human Resources Security   TRUE/FALSE QUESTIONS:   TF1.  Complying with regulations and contractual obligations is a benefit of security awareness, training, and education programs. TF2.  Employee behavior is not a critical concern in ensuring the security of computer systems. TF3.  Employees cannot be expected to follow policies and procedures of which they are unaware. TF4.  Security awareness,.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1.One of the earliest and most widely used

  MULTIPLE CHOICE QUESTIONS: 1.One of the earliest and most widely used services is _________. A.  KerberosB.  FIM C.  PKID.  X.509 2._______ is important as part of the directory service that it supports and is also a basic building block used in other standards. A.  PKIB.  X.509 C.  KerberosD.  FIM 3.  ________ requires that a user prove his.

Homework Answers

2 Views

  MULTIPLE CHOICE QUESTIONS: 1._______ a benefit of security awareness, training, and

  MULTIPLE CHOICE QUESTIONS: 1._______ is a benefit of security awareness, training, and education programs to organizations. A.Improving employee behavior B.Increasing the ability to hold employees accountable for their actions C.Mitigating liability of the organization for an employee’s behavior D.All of the above 2.Security awareness, training, and education programs can serve as a deterrent to fraud and.

Homework Answers

2 Views

  Chapter 19 – Legal and Ethical Aspects   TRUE/FALSE QUESTIONS:   TF1.The legal and

  Chapter 19 – Legal and Ethical Aspects   TRUE/FALSE QUESTIONS:   TF1.The legal and ethical aspects of computer security encompass a broad range of topics. TF2.   Computer attacks are considered crimes but do not carry criminal sanctions. TF3.  Computers as targets is a form of crime that involves an attack on data integrity, system integrity, data confidentiality, privacy, or.

Homework Answers

2 Views

TF11.  Unlike RSA, DSS cannot be used for encryption or

TF11.  Unlike RSA, DSS cannot be used for encryption or key exchange. TF12.  The operations performed during a round consist of circular shifts, and primitive Boolean functions based on DSS, MD5, SHA, and RSA. TF13.  SHA-3 algorithms must be designed to resist any potentially successful attack on SHA-2 functions. TF14.  Cryptographic hash functions generally execute.

Homework Answers

2 Views

    Chapter 18 – Security Auditing   TRUE/FALSE QUESTIONS:   TF1. Although important, security auditing

    Chapter 18 – Security Auditing   TRUE/FALSE QUESTIONS:   TF1. Although important, security auditing is not a key element in computer security. TF2.  The basic audit objective is to establish accountability for system entities that initiate or participate in security-relevant events and actions. TF3.  Means are needed to generate and record a security audit trail and to review and.

Homework Answers

2 Views