1. __________ are responsible for the day-to-day caretaking of data. A. Data Custodians
2. __________ requires that sites obtain parental permission, post a privacy policy detailing specifics concerning information collected from children, and describe how the children’s information will be used. A. COPPA
3. A __________ cipher occurs when the same letters are used but the order is changed. A. transposition
4. A __________ is a more formal, larger software update that can address several or many software problems. A. patch
5. A __________ is a special piece of data used in both the encryption and decryption processes. A. Key
6. A benefit of SHA-1 hashing is it’s resistant to a collision attack. T/F A. False
7. A digital certificate binds an individual’s identity to a public key. T/F A. True
8. A directory offers a static view of data that can be changed without a complex update transaction. A. True
9. A patient’s medical records are shared with a third party who is not a medical professional and without the patient’s approval. Which law may have been violated? A. HIPAA
10. A school principal allows for student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law? A. FERPA
11. A self-signed certificate indicates that it was signed by a subordinate CA. T/F A. False
12. A video rental store shares its customer database with a private investigator. The rental store may have violated which law? A. VPPA
13. Asymmetric encryption is more commonly known as public key cryptography. T/F A. True
14. Asymmetric encryption tends to be faster, is less computationally involved, and is better for bulk transfers. T/F A. False
15. Business records, printouts, and manuals are which type of evidence? A. Documentary Evidence
16. Cryptography is the process of attempting to return an encrypted message to its original form. T/F A. False
17. Data wiping is destructive to the media. A. False
18. Every CA should have a __________ that outlines how identities are verified. A. Certification practices statement
19. Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence? A. Hearsay rule
20. Evidence that is convincing or measures up without question is known as __________. A. Sufficient evidence
21. Evidence that is material to the case or has bearing on the matter at hand is known as __________. A. Relevant Evidence
22. Evidence that must be legally qualified and reliable is known as __________. A. Competent evidence
23. Fair Credit Reporting Act (FCRA) is designed to protect educational records of students at the K-12 level. T/F A. False
24. FTP encrypts traffic by default. A. False
25. Gramm-Leach-Bliley Act (GLBA) was designed to enable public access to U.S. government records. A. False
26. Hardening applications is similar to hardening operating systems. True or False A. True
27. Hashing functions are special mathematical functions that perform a two-way encryption. T/F A. False
28. In the United States, the primary path to privacy is via __________, whereas in Europe and other countries, it is via __________.
29. JavaScript is part of the Java environment. T/F A. FALSE
30. Keyspace refers to __________. A. a set of possible key values
31. Once a hash value is generated, it is not reversible. T/F A. True
32. Once revoked, a certificate cannot be reinstated A. True
33. Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence? A. Direct Evidence
34. PKI can be used as a measure to trust individuals we do not know. T/F A. True
35. Privacy laws as they relate to education are very recent phenomena. T/F A. False
36. Protecting data while in use is a much trickier proposition than protecting it in transit or in storage. True/False A. True
37. Public keys are components of digital certificates. T/F A. True
38. Security via obscurity alone has always been a valid method of protecting secrets. T/F A. False
39. Service pack is the term given to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks. T/F A. False
40. Snapshots are instantaneous save points in time on virtual machines. T/F A. True
41. T/F Using transport layer security (TLS) is a guarantee of security A. False
42. Tangible objects that prove or disprove fact are what type of evidence? A. Real Evidence
43. The process of securing an OS is called hardening T/F A. true
44. The security kernel is also known as a __________. A. reference monitor
45. The three words that can govern good citizenry when collecting PII are notice, choice, and consent. A. True
46. The X.509 standard outlines the necessary fields of a certificate and the possible values that can be inserted into the fields. T/F A. True
47. TLS is dead and SSL is the path forward A. FALSE
48. What best describes JavaScript? A. Enable features such as validation of forms
49. What is a digital certificate? A. A means of establishing an association between the subject’s identity and a public key
50. What is the difference between centralized and decentralized infrastructures? A. The location where the cryptographic key is generated and stored is different
51. What is the goal of TCP? A. To send an unauthenticated, error-free stream of info between two computers
52. What is the security issue with Common Gateway Interface? A. Poor scripts can cause unintentional consequences
53. What term refers to the process of establishing a system’s operational state? A. Baselining
54. What type of evidence is used to aid a jury and may be in the form of a model, experiment, chart, and so on, to indicate that an event occurred? A. Demonstrative Evidence
55. When an algorithm lists a certain number of bits as a key, it is defining the keyspace. T/F A. True
56. When analyzing computer storage components, the original system should be analyzed. A. False
57. When deleted, a file is removed from its original place on the storage device and is only available in the recycle bin. T/F A. False
58. When material, called plaintext, needs to be protected from unauthorized interception or alteration, it is encrypted into __________. A. ciphertext
59. When performing forensics on a computer system, you should use the utilities provided by that system. T/F A. False
60. Which attack is the most common exploit used to hack into software? A. Buffer overflow
61. Which attack works on both SSL and TLS by transparently converting the secure HTTPS connection into a plain HTTP connection, removing the transport layer encryption protections? A. SSL stripping attack
62. Which law was designed to enable public access to U.S. government records? A. FOIA
63. Which Microsoft tool can be deployed on a system before a change and then again after a change to analyze the changes to various system properties as a result of the change? A. Attack surface analyzer
64. Which protection ring has the highest privilege level and acts directly with the physical hardware? A. Ring 0
65. Which protocol is used for the transfer of hyperlinked data over the internet, from web servers to browsers A. HTTP
66. Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution? A. Exclusionary rule
67. Which term is a means of signing an ActiveX control so that a user can judge trust based on the control’s creator? A. Authenticode
68. Which term refers to the process of giving keys to a third party so that they can decrypt and read sensitive information if the need arises? A. Key Escrow
69. Which term refers to the process of restoring lost keys to the users or a company? A. key recovery
70. Which term refers to the quarantine or isolation of a system from its surroundings? A. Sandboxing
71. Which type of certificate is used when independent CAs establish peer-to-peer trust relationships allowing one CA to issue a certificate allowing its users to trust another CA? A. Cross-Certification Certificate
72. Which Windows Server 2016 feature ensures that only known, digitally signed antimalware programs can load right after Secure Boot finishes? A. Early launch anti-malware (ELAM)