exam 1 ch. 1, 2,3

1.

1 point

In public key encryption for authentication, the supplicant uses _____ to encrypt.

the verifier's public key

the verifier's private key

the supplicant's public key

the supplicant's private key

2.

1 point

Which companies do PCI-DSS affect?

government organizations

medical firms

e-commerce firms

companies that accept credit card payments

3.

1 point

Cryptanalysts have found weaknesses in _____.

MD5

SHA-15

Both

Neither

4.

1 point

What type of organizations is subject to FISMA?

e-commerce firms

companies that accept credit card payment

government organizations

medical firms

5.

1 point

A(n) _______ attack requires a victim host to prepare for many connections, using up resources until the computer can no longer serve legitimate users. (Choose the most specific choice)

distributed malware

SYN flooding

directly-propagating worm

DoS

6.

1 point

In a virus, the code that does damage is called the ______.

vector

compromise

exploit

payload

7.

1 point

Which of the following is NOT one of the three elements in the fraud and abuse triangle?

resistence

opportunity

rationalization

pressure

8.

1 point

SLE times APO gives the _______.

expected annual loss

expected per-event loss

expected per-event benefit

expected life cycle loss

9.

1 point

The supplicant creates a digital signature by _______.

encrypting the message digest with its own private key

hashing the plain text message

encrypting the message digest with its own public key

adding the password to the challenge message and hashing the two

10.

1 point

Which type of program can hide itself from normal inspection and detection?

stealth trojan

spyware

trojan horse

rootkit

11.

1 point

A DES key is _____ bits long.

128

40

100

56

12.

1 point

________ specifically addresses data protection requirements at financial institutions.

Sarbanes-Oxley

GLBA

The Revised SEC Act

HIPAA

13.

1 point

Which of the following are types of countermeasures?

detective

corrective

preventative

all of the above

14.

1 point

Hashing is ______.

repeatable

reversible

Both

Neither

15.

1 point

______ attacks take advantage of flawed human judgement by convincing the victim to take actions that are counter to security policies. (Choose the best answer)

mobile code

spam

social engineering

email attachment

16.

1 point

The ISO/IEC 2700 family focuses on ________.

corporate governance

All of the above about equally

IT governance

IT security governance

17.

1 point

You receive an e-mail that seems to come from a frequent customer. It contains specific information about your relationship with the customer. Clicking on a link in the message takes you to a website to be your customer's website. However, the website is fake this is ______.

social engineering

spear fishing

a hoax

phishing

18.

1 point

In order to be considered strong today, a symmetric encryption key must be at least ______ bits long.

100

1,000

8

6

19.

1 point

In MS-CHAP, the _____ creates the response message.

Both

verifier (server)

Neither

supplicant (client)

20.

1 point

_______ is the security guarantee that people who intercept messages cannot read them.

confidentiality

availability

integrity

encryption

21.

1 point

_______ examines IT processes for efficiency, effectiveness, and adequate controls.

Internal auditing

IT auditing

Financial auditing

None of the above

22.

1 point

Which of the following fields are contained on a digital certificate?

Serial Number

Public key

Digital Signature

All of the above

23.

1 point

When Joshua sends a message to Larry, Joshua will use ____ to encrypt the message.

Larry's private key

Larry's public key

Joshua's public key

the public key

24.

1 point

The first step in developing an IT security plan is to _______.

determine needs

asses the current state of the company's security

create comprehensive security

prioritize security projects

25.

1 point

The three common core goals of security are _______.

confidentiality, information, and availability

confidentiality, integrity, and availability

confidentiality, information, and authorization

26.

1 point

_______ are programs that attach themselves to legitimate programs.

Worms

Both

Viruses

Neither

27.

1 point

COSO focuses on _______.

IT governance

corporate internal and financial controls

IT security governance

All the above

28.

1 point

CobiT focuses on _______.

corporate governance

IT security governance

controlling the entire IT function

All of the above about equally

29.

1 point

The key to security being an enable is ______.

adequate spending on security

having strong corporate policies

extensive training

getting it involved early within the project

30.

1 point

Which of the following CIA security goals did TJX fail to meet?

intergrity

authorization

availability

confidentiality