Professional Documents
Culture Documents
Full download Test Bank for Management of Information Security 6th Edition Michael E. Whitman, Herbert J. Mattord file pdf free all chapter
Full download Test Bank for Management of Information Security 6th Edition Michael E. Whitman, Herbert J. Mattord file pdf free all chapter
https://testbankbell.com/product/test-bank-for-principles-of-
information-security-6th-edition-michael-e-whitman-herbert-j-
mattord/
https://testbankbell.com/product/test-bank-for-management-of-
information-security-5th-edition-michael-e-whitman-herbert-j-
mattord/
https://testbankbell.com/product/solution-manual-for-principles-
of-information-security-6th-edition-michael-e-whitman-herbert-j-
mattord/
https://testbankbell.com/product/test-bank-for-management-of-
information-security-6th-edition-michael-e-whitman-herbert-j-
mattord-isbn-10-133740571x-isbn-13-9781337405713/
Principles of Information Security 6th Edition Whitman
Solutions Manual
https://testbankbell.com/product/principles-of-information-
security-6th-edition-whitman-solutions-manual/
https://testbankbell.com/product/test-bank-for-ethics-for-the-
information-age-8th-edition-michael-j-quinn/
https://testbankbell.com/product/test-bank-for-corporate-
computer-security-4-e-randall-j-boyle-raymond-r-panko/
https://testbankbell.com/product/test-bank-for-principles-of-
genetics-6th-edition-d-peter-snustad-michael-j-simmons/
https://testbankbell.com/product/solution-manual-for-ethics-for-
the-information-age-8th-edition-michael-j-quinn-2/
Name: Class: Date:
3. A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users
who subsequently visit those sites become infected.
a. True
b. False
ANSWER: True
5. The first step in solving problems is to gather facts and make assumptions.
a. True
b. False
ANSWER: False
6. A device (or a software program on a computer) that can monitor data traveling on a network is known as a socket
sniffer. __________
ANSWER: False - packet
7. One form of e-mail attack that is also a DoS attack is called a mail spoof, in which an attacker overwhelms the receiver
with excessive quantities of e-mail. __________
ANSWER: False - bomb
9. "Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized
to have by looking over another individual’s shoulder or viewing the information from a distance. __________
ANSWER: False - surfing
10. The term phreaker is now commonly associated with an individual who cracks or removes software protection that is
designed to prevent unauthorized duplication. __________
ANSWER: False - cracker
11. The application of computing and network resources to try every possible combination of options of a password is
called a dictionary attack. __________
ANSWER: False - brute force
12. The macro virus infects the key operating system files located in a computer’s start-up sector. __________
ANSWER: False - boot
13. The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the
intent to destroy or steal information. __________
ANSWER: True
14. A(n) polymorphic threat is one that over time changes the way it appears to antivirus software programs, making it
undetectable by techniques that look for pre-configured signatures. __________
ANSWER: True
Multiple Choice
16. The protection of voice and data components, connections, and content is known as __________ security.
a. network
b. national
c. cyber
d. operational
ANSWER: a
17. The protection of confidentiality, integrity, and availability of data regardless of its location is known as __________
security.
a. information
b. network
c. cyber
d. operational
Copyright Cengage Learning. Powered by Cognero. Page 2
Name: Class: Date:
ANSWER: a
18. A model of InfoSec that offers a comprehensive view of security for data while being stored, processed, or transmitted
is the __________ security model.
a. CNSS
b. USMC
c. USNA
d. NPC
ANSWER: a
19. Which of the following is a C.I.A. triad characteristic that addresses the threat from corruption, damage, destruction,
or other disruption of its authentic state?
a. integrity b. availability
c. authentication d. accountability
ANSWER: a
20. According to the C.I.A. triad, which of the following is the most desirable characteristic for privacy?
a. confidentiality b. availability
c. integrity d. accountability
ANSWER: a
21. Which of the following is recognition that data used by an organization should only be used for the purposes stated by
the information owner at the time it was collected?
a. accountability b. availability
c. privacy d. confidentiality
ANSWER: c
22. Which of the following is a C.I.A. triad characteristic that ensures only those with sufficient privileges and a
demonstrated need may access certain information?
a. integrity b. availability
c. authentication d. confidentiality
ANSWER: d
23. The use of cryptographic certificates to establish Secure Sockets Layer (SSL) connections is an example of which
process?
a. accountability b. authorization
c. identification d. authentication
ANSWER: d
24. A process that defines what the user is permitted to do is known as __________.
a. identification b. authorization
c. accountability d. authentication
ANSWER: b
25. What do audit logs that track user activity on an information system provide?
a. identification b. authorization
c. accountability d. authentication
ANSWER: c
26. Any event or circumstance that has the potential to adversely affect operations and assets is known as a(n)
__________.
a. threat
b. attack
c. exploit
d. vulnerability
ANSWER: a
27. An intentional or unintentional act that can damage or otherwise compromise information and the systems that support
it is known as a(n) __________.
a. threat
b. attack
c. exploit
d. vulnerability
ANSWER: b
29. A potential weakness in an asset or its defensive control system(s) is known as a(n) __________.
a. threat
b. attack
c. exploit
d. vulnerability
ANSWER: d
30. The unauthorized duplication, installation, or distribution of copyrighted computer software, which is a violation of
intellectual property, is called __________.
a. software piracy
b. copyright infringement
c. trademark violation
d. data hijacking
ANSWER: a
31. Technology services are usually arranged with an agreement defining minimum service levels known as a(n)
__________.
a. SSL b. SLA
Copyright Cengage Learning. Powered by Cognero. Page 4
Name: Class: Date:
c. MSL d. MIN
ANSWER: b
33. Acts of __________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises
or systems they have not been authorized to access.
a. bypass b. theft
c. trespass d. security
ANSWER: c
34. An information security professional with authorization to attempt to gain system access in an effort to identify and
recommend resolutions for vulnerabilities in those systems is known as a(n) __________.
a. penetration tester
b. expert hacker
c. phreaker
d. cracker
ANSWER: a
35. A hacker who intentionally removes or bypasses software copyright protection designed to prevent unauthorized
duplication or use is known as a(n) __________.
a. penetration tester
b. expert hacker
c. phreaker
d. cracker
ANSWER: d
36. __________ is the collection and analysis of information about an organization’s business competitors, often through
illegal or unethical means, to gain an unfair edge over them.
a. Dumpster diving
b. Packet sniffing
c. Competitive advantage
d. Industrial espionage
ANSWER: d
37. The hash values for a wide variety of passwords can be stored in a database known as a(n) __________, which can be
indexed and quickly searched using the hash value, allowing the corresponding plaintext password to be determined.
a. rainbow table
b. unicorn table
c. rainbow matrix
d. poison box
ANSWER: a
Copyright Cengage Learning. Powered by Cognero. Page 5
Name: Class: Date:
40. Human error or failure often can be prevented with training and awareness programs, policy, and __________.
a. outsourcing b. technical controls
c. hugs d. ISO 27000
ANSWER: b
44. An attack that uses phishing techniques along with specialized forms of malware to encrypt the victim's data files is
known as __________.
a. crypto locking b. ransomware
c. jailbreaking d. spam
ANSWER: b
45. One form of online vandalism is __________, in which individuals interfere with or disrupt systems to protest the
operations, policies, or actions of an organization or government agency.
a. hacktivism b. phreaking
c. red teaming d. cyberhacking
Copyright Cengage Learning. Powered by Cognero. Page 6
Name: Class: Date:
ANSWER: a
46. __________ are malware programs that hide their true nature and reveal their designed behavior only when activated.
a. Viruses b. Worms
c. Spam d. Trojan horses
ANSWER: d
47. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus __________.
a. false alarms b. polymorphisms
c. hoaxes d. urban legends
ANSWER: c
48. Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a
system at a later time by bypassing access controls?
a. brute force b. DoS
c. back door d. hoax
ANSWER: c
49. A __________ is an attack in which a coordinated stream of requests is launched against a target from many locations
at the same time.
a. denial of service b. distributed denial of service
c. virus d. spam
ANSWER: b
50. Which type of attack involves sending a large number of connection or information requests to a target?
a. malicious code b. denial of service (DoS)
c. brute force d. spear fishing
ANSWER: b
51. In the __________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them
back into the network.
a. zombie-in-the-middle b. sniff-in-the-middle
c. server-in-the-middle d. man-in-the-middle
ANSWER: d
52. Which statement defines the differences between a computer virus and a computer worm?
a. Worms and viruses are the same.
b. Worms can make copies all by themselves on one kind of computer but viruses can make copies all by
themselves on any kind of computer.
c. Worms can copy themselves to computers and viruses can copy themselves to smartphones.
d. Worms can make copies all by themselves but viruses need to attach to an existing program on the host
computer to replicate.
ANSWER: d
53. Which of the following is not among the "deadly sins of software security"?
a. extortion sins
b. implementation sins
c. Web application sins
d. networking sins
ANSWER: a
54. Which of the 12 categories of threats best describes a situation where the adversary removes data from a victim's
computer?
a. theft
b. espionage or trespass
c. sabotage or vandalism
d. information extortion
ANSWER: a
55. Which of the following is the principle of management that develops, creates, and implements strategies for the
accomplishment of objectives?
a. leading b. controlling
c. organizing d. planning
ANSWER: d
56. Which of the following is the principle of management dedicated to the structuring of resources to support the
accomplishment of objectives?
a. organization b. planning
c. controlling d. leading
ANSWER: a
57. __________ is the set of responsibilities and practices exercised by the board and executive management with the goal
of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately,
and verifying that the enterprise’s resources are used responsibly.
a. Governance
b. Controlling
c. Leading
d. Strategy
ANSWER: a
58. Which of the following is the first step in the problem-solving process?
a. Analyze and compare the possible solutions.
b. Develop possible solutions.
c. Recognize and define the problem.
d. Select, implement, and evaluate a solution.
ANSWER: c
60. Which of the following is NOT a primary function of information security management?
a. planning b. protection
c. projects d. performance
ANSWER: d
61. Which of the following functions of information security management seeks to dictate certain behavior within the
organization through a set of organizational guidelines?
a. planning b. policy
c. programs d. people
ANSWER: b
62. Which function of InfoSec management encompasses security personnel as well as aspects of the SETA program?
a. protection
b. people
c. projects
d. policy
ANSWER: b
Completion
64. A(n) __________ is an act against an asset that could result in a loss.
ANSWER: attack
65. Duplication of software-based intellectual property is more commonly known as software __________.
ANSWER: piracy
66. A(n) __________ hacks the public telephone network to make free calls or disrupt services.
ANSWER: phreaker
68. Some information gathering techniques are quite legal—for example, using a Web browser to perform market
research. These legal techniques are called, collectively, __________.
ANSWER: competitive intelligence
71. A virus or worm can have a payload that installs a(n) __________ door or trap-door component in a system, which
allows the attacker to access the system at will with special privileges.
ANSWER: back
73. A ___________ overflow is an application error that occurs when the system can’t handle the amount of data that is
sent.
ANSWER: buffer
74. The three levels of planning are strategic planning, tactical planning, and __________ planning.
ANSWER: operational
75. The set of organizational guidelines that dictates certain behavior within the organization is called __________.
ANSWER: policy
77. List and explain the critical characteristics of information as defined by the C.I.A. triad.
ANSWER:
Confidentiality of information ensures that only those with sufficient privileges and a demonstrated need may
access certain information. When unauthorized individuals or systems can view information, confidentiality is
breached.
Integrity is the quality or state of being whole, complete, and uncorrupted. The integrity of information is
threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state.
Availability is the characteristic of information that enables user access to information without interference or
obstruction and in a usable format.
78. List and explain the four principles of management under the contemporary or popular management theory. Briefly
define each.
ANSWER: Popular management theory categorizes the principles of management into planning, organizing, leading, and
controlling (POLC).
The process that develops, creates, and implements strategies for the accomplishment of objectives is called
planning.
The management function dedicated to the structuring of resources to support the accomplishment of
objectives is called organization.
Leadership includes supervising employee behavior, performance, attendance, and attitude. Leadership
generally addresses the direction and motivation of the human resource.
Monitoring progress toward completion, and making necessary adjustments to achieve desired objectives,
requires the exercise of control.
79. List the steps that can be used as a basic blueprint for solving organizational problems.
ANSWER: 1. Recognize and define the problem.
2. Gather facts and make assumptions.
3. Develop possible solutions.
4. Analyze and compare possible solutions.
5. Select, implement, and evaluate a solution.
80. What are the three distinct groups of decision makers or communities of interest on an information security team?
ANSWER: Managers and professionals in the field of information security
Managers and professionals in the field of IT
Managers and professionals from the rest of the organization
82. List the measures that are commonly used to protect the confidentiality of information.
ANSWER: Information classification
Secure document (and data) storage
Application of general security policies
Education of information custodians and end users
Cryptography (encryption)
Essay
85. There are 12 general categories of threat to an organization's people, information, and systems. List at least six of the
general categories of threat and identify at least one example of those listed.
ANSWER: Compromises to intellectual property
Copyright Cengage Learning. Powered by Cognero. Page 11
Name: Class: Date:
Software attacks
Deviations in quality of service
Espionage or trespass
Forces of nature
Human error or failure
Information extortion
Sabotage or vandalism
Theft
Technical hardware failures or errors
Technical software failures or errors
Technological obsolescence
LI. Παραγγέλιαι—Precepts.
This little tract stands altogether in much the same circumstances
as the preceding one, that is to say, it is wholly destitute of all good
authority in its favor, and the nature of its contents is what might
rather be expected from a sophist than a practical physician. The
text, moreover, is in a most unsatisfactory state. I shall dismiss it
then with a very brief notice. It opens with an advice to the physician
not to trust to speculation but to rational experience. He ought to
learn remedies from all quarters, even from the vulgar, and not be
avaricious in his dealings with the sick, more especially if strangers
and needy. The author alludes, as Schulze thinks, to the practice
then followed by the physicians of migrating from one city to another,
and of making a public declaration of their pretensions at their first
entry into any place. These physicians were called periodeutæ. The
author of this tract advises the physician, in such a case, not to make
any vainglorious or inflated profession of his abilities. He also enjoins
the medical practitioner to look to the health of those who are free
from disease, as well as those who was indisposed.
“Fire being compressed produces air, and air water, and water
earth: and from earth the same circuit of changes takes place till we
come to fire.”[279]
“In that part of the universe where Nature and Generation exert
their powers, it is necessary that there should be these three things:
In the first place, that thing which being tangible furnishes a body to
everything which comes into existence. This is the universal recipient
and substance of impression for things generated, bearing the same
relation to things which are generated from them that water does to
juice, and silence to sound, and darkness to light, and materials to
the things fabricated from them. For water is void of taste and
quality, bearing the same relation to sweet and bitter, and to sharp
and salt. The air is unformed as to sound, or speech, or melody. And
darkness is devoid of color and shape, and bears the same relation
towards bright, and yellow, and white. But white bears reference also
both to the statuary art and that which forms figures of wax. But
matter admits of another comparison with the art of statuary. For all
things exist in it potentially before they are made, but actually after
they are made and have received their nature. In order, therefore,
that there should be generation, it is necessary that there should be
some one substance as a substratum. In the second place there are
the contraries, in order that they may be changes and
transmutations, the primary matter undergoing passion and affection,
in order that the qualities (or powers, δυναμεις), being mutually
passive, may not destroy, nor be destroyed, by one another. These
(the contraries) are, heat and cold, moisture and dryness. In the third
place are those substances in which these powers reside, namely,
fire and water, air and earth. For these differ from the powers
(qualities?) For the substances are consumed in place by one
another, but the powers are neither consumed nor formed, for they
are the incorporeal reasons of these.[280] Of these four, heat and
cold are causes, and active; but dryness and humidity are as the
materials, and passive. In the first place there is matter, the universal
recipient, for it is the common subject (or substratum) of all things, so
that it is the first sensible body in potentiality, and the original of all
things: next are the contraries, such as heat and cold, moisture and
dryness; and in the third place there are fire, water, earth, and air:
these all change into one another, but the contraries do not
change.”[281]
The primary matter is afterwards defined to be “the subject body,
that which receives all the changes, the universal recipient, and that
which potentially is the first to the touch.”[282]
“The first principles of all created things are the substratum,
matter, and the reason of shape; namely, form. The bodies are their
offspring, namely, fire, air, earth, water.”[283]
“Pythagoras taught that the original of all things is the monad,
that from the monad sprung the duad, which is the subject matter to
the efficient monad: that from the monad and infinite duad were
formed the numbers: from the numbers the points; from them the
lines, from these figures of superficies; from the superficies the solid
figures; from these the solid bodies, of which are the elements, fire,
water, earth, air:—that from these, changed and converted into every
shape, is formed the world, which is animated, intelligent, of a
spherical shape, comprehending in its middle the earth, which also is
spherical and inhabited all round.[284]
“Pythagoras said, that none of the elements is pure, for that earth
contains fire, and fire air, and water air, etc.”[285]
“Nor those which elements we call abide,
Nor to this figure, nor to that are ty’d:
For this eternal world is said of old
But four prolific principles to hold,
Four different bodies: two to heaven ascend,
And other two down to the centre tend:
Fire first with wings expanded mounts on high,
Pure, void of weight, and dwells in upper sky:
Then air, because unclogged, in empty space
Flies after fire, and claims the second place;
But weighty water, as her nature guides,
Lies on the lap of earth; and mother Earth subsides.
All things are mixed of these, which all contain,
And into these are all resolved again:
Earth rarefies to dew; expanding more
The subtile dew in air begins to soar:
Spreads as she flies and weary of the name,
Extenuates still and changes into flame.
Thus having by degrees perfection won,
Restless they soon untwist the web they spun.
And fire begins to lose her radiant hue,
Mix’d with gross air, and air descends in dew:
And dew condensing does her form forego
And sinks a heavy lump of earth below,
Thus are their figures never at a stand,
But changed by Nature’s innovating hand.”[286]
THE PLATONISTS.
Aristotle defines the first matter as follows: “I call matter the first
subject of everything, all things being formed from it existing in them
not accidentally; and when anything is destroyed, it comes to this at
last.”[306]
In his Logical work he thus defines his ideas regarding the first
substances, namely, mind and matter. “The first substances being
the subjects of all other things, and as every other thing may be
predicated by them and exists in them, are called the prime
substances.[307] “We must distinguish the first bodies from matter,
for we must suppose concerning them that they have a first principle
and origin, namely, matter, which is inseparable from them, and is
the subject of the contraries. For heat does not furnish the materials
to cold, nor it to heat, but the subject to both. So that we have first
the sensible body in potentiality, the first principle; then we have the
contraries, I mean cold and heat; and thirdly, fire and water, and the
like. These change into one another, and not as Empedocles and
others say of them.[308]
“The material of all bodies, great and small, is the same. This is
apparent; for when air is formed from water, the same matter, when it
becomes another thing, acquires nothing new, only that which
formerly existed in capacity now exists actually.”[309]
The following extracts will show the opinions of his most
celebrated commentators:
“Air and fire have one common character, namely, heat; therefore
they readily change into one another. Air and water readily change
into one another, for they have a common character, namely,
moisture. In like manner, water and earth, for they have an alliance,
namely, coldness.”[310]
“The physical philosophers analyze any substance, as, for
example, a man into head, hands, and feet; and these into bones,
flesh, and nerves; and these into the four elements; and these again
into matter and form.”[311]
“Water is formed from air, and air from water, and fire from air,
because they all have one common substratum, matter.”[312]
The next two extracts will show the opinions entertained by
Aristotle’s successor in the Peripatetic school of philosophy.
“Of the simple substances, fire has peculiar powers. For air,
water, and earth, admit only of changes into one another, but none of
them can produce itself.”[313]