865 538
Quiz by , created more than 1 year ago

intro

Created by 865 538 almost 8 years ago

nsf_01

Question 1 of 30

The single most expensive malicious attack was the 2000 __, which cost an estimated $8.7 billion.

Select one of the following:

  • a. Love Bug

  • b. Nimda

  • c. Slammer

  • d. Code Red

Question 2 of 30

The __ Act requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

Select one of the following:

  • a. USA Patriot

  • b. Gramm-Leach-Bliley

  • c. California Database Security Breach

  • d. Sarbanes-Oxley

Question 3 of 30

Under the __, health care enterprises must guard protected health information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.

Select one of the following:

  • a. HLPDA

  • b. USHIPA

  • c. HIPAA

  • d. HCPA

Question 4 of 30

What is another name for unsolicited e-mail messages?

Select one of the following:

  • a. trash

  • b. scam

  • c. spawn

  • d. spam

Question 5 of 30

__ ensures that information is correct and that no unauthorized person or malicious software has altered that data.

Select one of the following:

  • a. Identity

  • b. Confidentiality

  • c. Integrity

  • d. Availability

Question 6 of 30

__ ensures that the individual is who they claim to be (the authentic or genuine person) and not an imposter.

Select one of the following:

  • a. Encryption

  • b. Authentication

  • c. Accounting

  • d. Authorization

Question 7 of 30

A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.

Select one of the following:

  • a. 10 to 14

  • b. 14 to 16

  • c. 12 to 15

  • d. 13 to 14

Question 8 of 30

In information security, an example of a threat agent can be ____.

Select one of the following:

  • a. a force of nature such as a tornado that could destroy computer equipment

  • b. a virus that attacks a computer network

  • c. Both a and d

  • d. an unsecured computer network

Question 9 of 30

Weakness in software can be more quickly uncovered and exploited with new software tools and techniques.

Select one of the options:

  • TRUE
  • FALSE

Question 10 of 30

The demand for IT professionals who know how to secure networks and computers is at an all-time low.

Select one of the options:

  • TRUE
  • FALSE

Question 11 of 30

Which of the following is NOT a characteristic of Advanced Persistent Threat (APT)?

Select one of the following:

  • a. can span several years

  • b. targets sensitive proprietary information

  • c. uses advanced tools and techniques

  • d. is only used by hacktivists against foreign enemies

Question 12 of 30

Which of the following was used to describe attackers who would break into a computer system without the owner's permission and publicly disclose the vulnerability?

Select one of the following:

  • a. white hat hackers

  • b. black hat hackers

  • c. blue hat hackers

  • d. gray hat hackers

Question 13 of 30

Which of the following is NOT a reason why it is difficult to defend against today's attackers?

Select one of the following:

  • a. increased speed of attacks

  • b. simplicity of attack tools

  • c. greater sophistication of defense tools

  • d. delays in security updating

Question 14 of 30

Why can brokers command such a high price for what they sell?

Select one of the following:

  • a. Brokers are licensed professionals.

  • b. The attack targets are always wealthy corporations.

  • c. The vulnerability was previously unknown and is unlikely to be patched quickly.

  • d. Brokers work in teams and all the members must be compensated.

Question 15 of 30

Which phrase describes the term "security" in a general sense?

Select one of the following:

  • a. protection from only direct actions

  • b. using reverse attack vectors (RAV) for protection

  • c. only available on hardened computers and systems

  • d. the necessary steps to protect a person or property from harm

Question 16 of 30

____ ensures that only authorized parties can view the information.

Select one of the following:

  • a. Confidentiality

  • b. Availability

  • c. Authorization

  • d. Integrity

Question 17 of 30

Each of the following is a successive layer in which information security is achieved EXCEPT ____.

Select one of the following:

  • a. products

  • b. purposes

  • c. procedures

  • d. people

Question 18 of 30

What is a person or element that has the power to carry out a threat?

Select one of the following:

  • a. threat agent

  • b. exploiter

  • c. risk agent

  • d. vulnerability

Question 19 of 30

____ ensures that individuals are who they claim to be.

Select one of the following:

  • a. Demonstration

  • b. Accounting

  • c. Authentication

  • d. Certification

Question 20 of 30

What is the difference between a hacktivist and a cyberterrorist?

Select one of the following:

  • a. A hacktivist is motivated by ideology while a cyberterrorist is not.

  • b. Cyberterrorists always work in groups while hacktivists work alone.

  • c. The aim of a hacktivist is not to incite panic like cyberterrorists.

  • d. Cyberterrorists are better funded than hacktivists.

Question 21 of 30

Each of the following is a goal of information security EXCEPT ____.

Select one of the following:

  • a. avoid legal consequences

  • b. foil cyberterrorism

  • c. prevent data theft

  • d. limit access control

Question 22 of 30

Which act requires enterprises to guard protected health information and implement policies and procedures to safeguard it?

Select one of the following:

  • a. Hospital Protection and Insurance Association Agreement (HPIAA)

  • b. Sarbanes-Oxley (Sarbox)

  • c. Gramm-Leach-Bliley Act (GLBA)

  • d. Health Insurance Portability and Accountability Act (HIPAA)

Question 23 of 30

Why do cyberterrorists target power plants, air traffic control centers, and water systems?

Select one of the following:

  • a. These targets have notoriously weak security and are easy to penetrate.

  • b. They can cause significant disruption by destroying only a few targets.

  • c. These targets are government-regulated and any successful attack would be considered a major victory.

  • d. The targets are privately owned and cannot afford high levels of security.

Question 24 of 30

What is the first step in the Cyber Kill Chain?

Select one of the following:

  • a. weaponization

  • b. exploitation

  • c. actions on objectives

  • d. reconnaissance

Question 25 of 30

An organization that purchased security products from different vendors is demonstrating which security principle?

Select one of the following:

  • a. obscurity

  • b. diversity

  • c. limiting

  • d. layering

Question 26 of 30

Each of the following can be classified as an "insider" EXCEPT ____.

Select one of the following:

  • a. business partners

  • b. contractors

  • c. stockholders

  • d. employees

Question 27 of 30

What are attackers called who belong to a network of identity thieves and financial fraudsters?

Select one of the following:

  • a. cybercriminals

  • b. script kiddies

  • c. hackers

  • d. brokers

Question 28 of 30

What is an objective of state-sponsored attackers?

Select one of the following:

  • a. to right a perceived wrong

  • b. to spy on citizens

  • c. to sell vulnerabilities to the highest bidder

  • d. fortune instead of fame

Question 29 of 30

An example of ____ is not revealing the type of computer, operating system, software, and network connection a computer uses.

Select one of the following:

  • a. layering

  • b. diversity

  • c. obscurity

  • d. limiting

Question 30 of 30

The ____ is primarily responsible for assessing, managing, and implementing security.

Select one of the following:

  • a. security administrator

  • b. security manager

  • c. security technician

  • d. chief information security officer (CISO)
