The single most expensive malicious attack was the 2000 __, which cost an estimated $8.7 billion.
a. Love Bug
b. Nimda
c. Slammer
d. Code Red
The __ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.
a. USA Patriot
b. Gramm-Leach-Bliley
c. California Database Security Breach
d. Sarbanes-Oxley
Under the __, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.
a. HLPDA
b. USHIPA
c. HIPAA
d. HCPA
What is another name for unsolicited e-mail messages?
a. trash
b. scam
c. spawn
d. spam
__ ensures that information is correct and that no unauthorized person or malicious software has altered that data.
a. Identity
b. Confidentiality
c. Integrity
d. Availability
__ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter.
a. Encryption
b. Authentication
c. Accounting
d. Authorization
A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.
a. 10 to 14
b. 14 to 16
c. 12 to 15
d. 13 to 14
In information security, an example of a threat agent can be ____.
a. a force of nature such as a tornado that could destroy computer equipment
b. a virus that attacks a computer network
c. Both a and d
d. an unsecured computer network
Weakness in software can be more quickly uncovered and exploited with new software tools and techniques.
The demand for IT professionals who know how to secure networks and computers is at an all-time low.
Which of the following is NOT a characteristic of Advanced Persistent Threat (APT)?
a. can span several years
b. targets sensitive proprietary information
c. uses advanced tools and techniques
d. is only used by hactivists against foreign enemies
Which of the following was used to describe attackers who would break into a computer system without the owner's permission and publicly disclose the vulnerability?
a. white hat hackers
b. black hat hackers
c. blue hat hackers
d. gray hat hackers
Which of the following is NOT a reason why it is difficult to defend against today's attackers?
a. increased speed of attacks
b. simplicity of attack tools
c. greater sophistication of defense tools
d. delays in security updating
Why can brokers command such a high price for what they sell?
a. Brokers are licensed professionals.
b. The attack targets are always wealthy corporations.
c. The vulnerability was previously unknown and is unlikely to be patched quickly.
d. Brokers work in teams and all the members must be compensated.
Which phrase describes the term "security" in a general sense?
a. protection from only direct actions
b. using reverse attack vectors (RAV) for protection
c. only available on hardened computers and systems
d. the necessary steps to protect a person or property from harm
____ ensures that only authorized parties can view the information.
a. Confidentiality
b. Availability
c. Authorization
d. Integrity
Each of the following is a successive layer in which information security is achieved EXCEPT ____.
a. products
b. purposes
c. procedures
d. people
What is a person or element that has the power to carry out a threat?
a. threat agent
b. exploiter
c. risk agent
d. vulnerability
____ ensures that individuals are who they claim to be.
a. Demonstration
b. Accounting
c. Authentication
d. Certification
What is the difference between a hactivist and a cyberterrorist?
a. A hactivist is motivated by ideology while a cyberterrorist is not.
b. Cyberterrorists always work in groups while hactivists work alone.
c. The aim of a hactivist is not to incite panic like cyberterrorists.
d. Cyberterrorists are better funded than hactivists.
Each of the following is a goal of information security EXCEPT ____.
a. avoid legal consequences
b. foil cyberterrorism
c. prevent data theft
d. limit access control
Which act requires enterprises to guard protected health information and implement policies and procedures to safeguard it?
a. Hospital Protection and Insurance Association Agreement (HPIAA)
b. Sarbanes-Oxley (Sarbox)
c. Gramm-Leach-Bliley Act (GLBA)
d. Health Insurance Portability and Accountability Act (HIPAA)
Why do cyberterrorists target power plants, air traffic control centers, and water systems?
a. These targets have notoriously weak security and are easy to penetrate.
b. They can cause significant disruption by destroying only a few targets.
c. These targets are government-regulated and any successful attack would be considered a major victory.
d. The targets are privately owned and cannot afford high levels of security.
What is the first step in the Cyber Kill Chain?
a. weaponization
b. exploitation
c. actions on objectives
d. reconnaissance
An organization that purchased security products from different vendors is demonstrating which security principle?
a. obscurity
b. diversity
c. limiting
d. layering
Each of the following can be classified as an "insider" EXCEPT ____.
a. business partners
b. contractors
c. stockholders
d. employees
What are attackers called who belong to a network of identity thieves and financial fraudsters?
a. cybercriminals
b. script kiddies
c. hackers
d. brokers
What is an objective of state-sponsored attackers?
a. to right a perceived wrong
b. to spy on citizens
c. to sell vulnerabilities to the highest bidder
d. fortune instead of fame
An example of ____ is not revealing the type of computer, operating system, software, and network connection a computer uses.
a. layering
c. obscurity
d. limiting
The ____ is primarily responsible for accessing, managing, and implementing security.
a. security administrator
b. security manager
c. security technician
d. chief information security officer (CISO)