1. A SYN flood is characterized by the brute force transmission of requests for access to the target network, with the aim of overwhelming its capacity to receive them.
2. Computerized information is so tightly bound within the fabric of our society that its trustworthiness and availability has to be assured in order for our basic social functions to operate properly.
3. There is general agreement about what legitimately constitutes the right set of actions to deter hostile activity in cyberspace.
4. There been a standard definition of what constitutes due care in the information protection realm since the beginning of the discipline.
5. FISMA is a piece of legislation; therefore, as is the usual case with legislation, the actual means of implementing the federal law is left up to the National Institute of Standards and Technology (NIST).
1. ____ bundles mutually supporting government initiatives into a single coordinated effort to ensure the security of cyberspace and includes the establishment of a coordinated national capability to identify and remediate computer vulnerabilities.
a. CHCI, 2008
b. CCNI, 2008
c. CNCI, 2008
d. CICN, 2008
2. Under the ____ rule, protection isn’t adequate if any part of it can be exploited.
a. complete protection
b. complete inspection
c. complete coverage
d. complete system
3. The normal way to make certain that a compromise does not happen is to put technical or ____ controls in place to ensure the security of all items that have to be protected.
4. In order to operate properly, technical and behavioral controls have to be coordinated from within a single consistent ____.
5. The problem with protecting information is that it is nothing more than a(n) ____ for something of value in the real world.
6. The first step in any cybersecurity process is to ____.
a. get it properly organized
b. get as much information as possible
c. make the controls as strong as possible
d. move as fast as possible
7. It is essential that the people responsible for assuring information follow a disciplined and well-defined ____.
8. In order for a defense to be effective, all of the requisite ____ have to be in place and properly coordinated.
d. backup controls
9. The ____ of a piece of information might be derived from the importance of the idea, or the criticality of the decision, or it can represent simple things like your bank account number.
10. A(n) ____ that only reflects the focus and interests of a single field will almost certainly have exploitable holes in it.
11. IT departments install technical countermeasures, but ____ have the responsibility to deploy accompanying physical security controls.
12. In most organizations, physical and electronic security involve ____ entirely separate and independent areas.
13. A reasonably accurate ____ of the important information that the organization considers valuable and where it is kept is important.
14. Any workable solution has to be ____.
15. A security infrastructure should reflect the ____ needs of the business as well as its business requirements.
16. The role of ____ is to ensure that information resources that are needed to underwrite a particular business strategy are kept confidential, correct, and available.
c. risk analysis
17. The aim of ____ is to maintain an optimum and secure relationship between each of the company’s business processes and their respective information security functions.
a. formal governance
b. informal governance
c. formal auditing
d. formal planning
18. Instead of being motivated by a desire to prove their art, hackers today are motivated by ____ and political ends.
a. financial loss
c. financial gain
19. ____ is nothing more than the ability to demonstrate that all reasonable precautions were taken to prevent harm resulting from something that you are legally responsible for.
a. Due care
b. Due security
c. Due cause
d. Due justice
20. The EBK is a product of the Department of Homeland Security’s ____.
a. National Security Division
b. National Cyber Analysis Division
c. National Cyber Protection Division
d. National Cyber Security Division
21. The specific purpose of the ____ is to implement the education and training requirements of the National Strategy to Secure Cyberspace.