Copy and Edit

Section 2 - Test

Description

1 Security X Quiz on Section 2 - Test, created by J Garner on 05/08/2018.
J Garner
Quiz by J Garner, updated more than 1 year ago
J Garner
Created by J Garner over 6 years ago
43
0
0

Resource summary

Question 1

Question
The combination of the probability of an event and its consequence (ISO/IEC 73). ___ is/are mitigated through the use of controls or safeguards.
Answer
  • Risk
  • Threat
  • Asset
  • Vulnerability

Question 2

Question
Anything that is capable of acting against an asset in a manner that can result in harm.
Answer
  • Risk
  • Threat
  • Asset
  • Vulnerability

Question 3

Question
Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation
Answer
  • Risk
  • Threat
  • Asset
  • Vulnerability

Question 4

Question
A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events.
Answer
  • Risk
  • Threat
  • Asset
  • Vulnerability

Question 5

Question
The risk level or exposure without taking into account the actions that management has taken or might take
Answer
  • Inherent Risk
  • Residual Risk

Question 6

Question
Which breadcrumb is correct when framing an approach to risk management?
Answer
  • Threat Source initiates > Threat Events exploits > Vulnerability causing > Adverse Impact producing > Organization Risk
  • Threat Source initiates > Vulnerability causing > Threat Events exploits > Adverse Impact producing > Organization Risk
  • Threat Events exploits >Threat Source initiates > Vulnerability causing > Adverse Impact producing > Organization Risk
  • Threat Events exploits > Vulnerability causing > Threat Source initiates > Adverse Impact producing > Organization Risk

Question 7

Question
Approach to developing risk scenarios is based on describing risk events that are specific to cybersecurity-related situations, typically hypothetical situations envisioned by the people performing the job functions in specific processes.
Answer
  • Top-down Approach
  • Bottom-up Approach

Question 8

Question
Approach to scenario development is based on understanding business goals and how a risk event could affect the achievement of those goals. Under this model, the risk practitioner looks for the outcome of events that may hamper business goals identified by senior management.
Answer
  • Top-down Approach
  • Bottom-up Approach

Question 9

Question
The ___ approach is suited to general risk management of the company, because it looks at both IT- and non- IT-related events. A benefit of this approach is that because it is more general, it is easier to achieve management buy-in even if management usually is not interested in IT. The ___ approach also deals with the goals that senior managers have already identified as important to them.
Answer
  • Top-down Approach
  • Bottom-down Approach

Question 10

Question
The ____ approach can be a good way to identify scenarios that are highly dependent on the specific technical workings of a process or system, which may not be apparent to anyone who is not intimately involved with that work but could have substantial consequences for the organization.
Answer
  • Top-down Approach
  • Bottom-down Approach

Question 11

Question
___ is used to calculate the risk that an organization faces based on the number of events that may occur within a given time period.
Answer
  • Threat
  • Impact
  • Likelihood
  • Vulnerabilty

Question 12

Question
Failure to detect a ___ may be the result of its absence, or it may be a false negative arising from configurations of a tool or improper performance of a manual review.
Answer
  • Vulnerability
  • Threat
  • Risk
  • Impact

Question 13

Question
Given the combination of unknown ___ and unknown ___, it is difficult of the cybersecurity professional to provide a comprehensive estimate of the likelihood of a successful attack.
Answer
  • Threat, Vulnerability
  • Asset, Threat
  • Vulnerability, Asset
  • Threat, Risk

Question 14

Question
Vulnerability assessments and penetration test provide the cybersecurity practitioner with valuable information on which to partially estimate the ___ .
Answer
  • Vulnerabilities
  • Risks
  • Threats
  • Likelihood

Question 15

Question
When using ___ rankings, the most important state is to rigorously define the meaning of each category and use definitions consistently throughout the assessment process.
Answer
  • Quantitative
  • Qualitative

Question 16

Question
For each identified threat, the ___ of harm expected to result should also be determined.
Answer
  • Risk
  • Vulnerability
  • Impact
  • Likelihood

Question 17

Question
Select all that apply: A number of methodologies are available to measure risk. Different industries and professions have adopted various tactics based upon the following criteria:
Answer
  • Risk tolerance
  • Size and scope of the environment in the question
  • Amount of data available
  • Risk appetite
  • Threat events
  • Threat impacts

Question 18

Question
It is particularly important to understand an organization's ___ when considering how to measure risk.
Answer
  • Risk management plan
  • Risk appetite
  • Risk tolerance
  • Risk assessment

Question 19

Question
There are three different approaches to implementing cybersecurity. Which three are they below
Answer
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based
  • Impact-based
  • Likelihood-based

Question 20

Question
An ___ approach simply implements security with no particular rationale or criteria. ___ implementations may be driven by vendor marketing, or they may reflect insufficient subject matter expertise, knowledge or training when designing and implementing safeguards.
Answer
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Question 21

Question
Also known as standards-based security, this approach relies on regulations or standards to determine security implementations. Controls are implemented regardless of their applicability or necessity, which often leads to a “checklist” attitude toward security
Answer
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Question 22

Question
___ security relies on identifying the unique risk a particular organization faces and designing and implementing security controls to address that risk above and beyond the entity’s risk tolerance and business needs. The ___ approach is usually scenario-based.
Answer
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Question 23

Question
The ___ approach is usually scenario-based.
Answer
  • Ad hoc
  • Compliance-based
  • Risk-based
  • Threat-based

Question 24

Question
___ have been known to breach security boundaries and perform malicious acts to gain a competitive advantage.
Answer
  • Cybercriminals
  • Corporations
  • Online social hackers
  • Script kiddies

Question 25

Question
Motivated by the desire for profit, these individuals are involved in fraudulent financial transactions
Answer
  • Cybercriminals
  • Cyberwarriors
  • Corporations
  • Hacktivists

Question 26

Question
Characterized by their willingness to use violence to achieve their goals, ___ frequently target critical infrastructures and government groups.
Answer
  • Cyberterrorists
  • Cybercriminals
  • Cyberwarriors
  • Nation states

Question 27

Question
Often likened to hacktivists, ___ , also referred to as cyberfighters, are nationally motivated citizens who may act on behalf of a political party or against another political party that threatens them.
Answer
  • Cyberwarriors
  • Cyberterrorists
  • Cybercriminals
  • Script kiddies

Question 28

Question
Although they typically have fairly low-tech methods and tools, dissatisfied current or former ___ represent a clear cybersecurity risk. All of these attacks are adversarial, but some are not related to APT cyberattacks.
Answer
  • Employees
  • Nation states
  • Online social hackers
  • Script kiddies

Question 29

Question
Although they often act independently, politically motivated hackers may target specific individuals or organizations to achieve various ideological ends.
Answer
  • Cyberterrorists
  • Hacktivists
  • Cyberwarriors
  • Cybercriminals

Question 30

Question
___ often target government and private entities with a high level of sophistication to obtain intelligence or carry out other destructive activities.
Answer
  • Nation states
  • Online social hackers
  • Hacktivists
  • Employees

Question 31

Question
Skilled in social engineering, these attackers are frequently involved in cyberbullying, identity theft and collection of other confidential information or credentials.
Answer
  • Script kiddies
  • Online social hackers
  • Hacktivists
  • Employees

Question 32

Question
___ are individuals who are learning to hack; they may work alone or with others and are primarily involved in code injections and distributed denial-of-service (DDoS) attacks.
Answer
  • Online social hackers
  • Employees
  • Script kiddies
  • Cybercriminals

Question 33

Question
The actual occurrence of a threat, or an activity by a threat agent (or adversary) against an asset.
Answer
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Question 34

Question
From an attacker’s point of view, the asset is a target, and the path or route used to gain access to the target (asset) is known as an
Answer
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Question 35

Question
There are two types of attack vectors: ingress and egress. Which one is known as data exfiltration?
Answer
  • Ingress
  • Egress

Question 36

Question
Which attack vector focuses on intrusion and hacking into systems?
Answer
  • Ingress
  • Egress

Question 37

Question
Employees that steal data from systems and networks is an example of which attack vector?
Answer
  • Ingress
  • Egress

Question 38

Question
The attacker must defeat any controls in place and/or use an ___ to take advantage of a vulnerability.
Answer
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Question 39

Question
The method used to deliver the exploit.
Answer
  • Target
  • Attack Vector
  • Attack
  • Attack Mechanism

Question 40

Question
An example of this can be a crafted malicious pdf, crafted by the attacker and delivered by email.
Answer
  • Exploit
  • Attack Vector
  • Attack
  • Attack Mechanism

Question 41

Question
Which order is correct for the attributes of an attack?
Answer
  • Attack Vector, Exploit, Vulnerability, Payload, Target (Asset)
  • Attack Vector, Exploit, Payload, Vulnerability, Target (Asset)
  • Attack Vector, Vulnerability, Payload, Exploit, Target (Asset)
  • Attack Vector, Vulnerability, Exploit, Payload, Target (Asset)

Question 42

Question
Usually the result of an error, malfunction or mishap of some sort.
Answer
  • Adversarial Threat Event
  • Nonadversarial Threat Event

Question 43

Question
Made by a human threat agent
Answer
  • Adversarial Threat Event
  • Nonadversarial Threat Event

Question 44

Question
The adversary gathers information using a variety of techniques, passive or active.
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 45

Question
The adversary crafts the tools needed to carry out a future attack.
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 46

Question
The adversary inserts or installs whatever is needed to carry out the attack.
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 47

Question
The adversary takes advantage of information and systems in order to compromise them.
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 48

Question
The adversary coordinates attack tools or performs activities that interfere with organizational functions.
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 49

Question
The adversary causes an adverse impact.
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 50

Question
The adversary continues to exploit and compromise the system
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 51

Question
The adversary coordinates a campaign against the organization.
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 52

Question
What is the correct order of the Threat Process?
Answer
  • Perform reconnaissance, Create attack tools, Exploit and compromise, Deliver malicious capabilities, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign
  • Perform reconnaissance, Create attack tools, Deliver malicious capabilities, Exploit and compromise, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign
  • Perform reconnaissance, Deliver malicious capabilities, Create attack tools, Exploit and compromise, Conduct an attack, Achieve results, Maintain a presence or set of capabilities, Coordinate a campaign
  • Perform reconnaissance, Deliver malicious capabilities, Create attack tools, Exploit and compromise, Conduct an attack, Maintain a presence or set of capabilities, Achieve results, Coordinate a campaign

Question 53

Question
Perform reconnaissance: The adversary gathers information using a variety of techniques, passive or active. Passive may include:
Answer
  • i. Sniffing network traffic ii. Using open source discovery of organizational information (news groups; company postings on IT design and IT architecture) iii. Google hacking
  • i. Scanning the network perimeter ii. Social engineering (fake phone calls, low-level phishing)

Question 54

Question
The following are examples of which attack process? a. Sniffing network traffic b. Using open source discovery of organizational information (news groups; company postings on IT design and IT architecture) c. Google hacking d. Scanning the network perimeter e. Social engineering (fake phone calls, low-level phishing)
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Question 55

Question
The following are examples of which attack process? a. Phishing or spear phishing attacks b. Crafting counterfeit websites or certificates c. Creating and operating false organizations and placing them in to the supply chain to inject malicious components
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Question 56

Question
The following are examples of which attack process? a. Introducing malware into organizational information systems b. Placing subverted individuals into privileged positions within the organization c. Installing sniffers or scanning devices on targeted networks and systems d. Inserting tampered hardware or critical components into organizational systems or supply chains
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Question 57

Question
The following are examples of which attack process? a. Split tunneling or gaining physical access to organizational facilities b. Exfiltrating data or sensitive information c. Exploiting multitenancy (i.e., multiple customers on shared resources) in a public cloud environment (e.g., attacking open public access points; application program interfaces [APIs]) d. Launching zero-day exploits
Answer
  • Perform reconnaissance
  • Create attack tools
  • Deliver malicious capabilities
  • Exploit and compromise

Question 58

Question
The following are examples of which attack process? a. Communication interception or wireless jamming attacks b. Denial-of-service (DoS) or distributed DDoS attacks c. Remote interference with or physical attacks on organizational facilities or infrastructures d. Session-hijacking or man-in-the-middle attacks
Answer
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 59

Question
The following are examples of which attack process? a. Obtaining unauthorized access to systems and/or sensitive information b. Degrading organizational services or capabilities c. Creating, corrupting or deleting critical data d. Modifying the control flow of information system (e.g., industrial control system, supervisory control and data acquisition (SCADA) systems)
Answer
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 60

Question
The following are examples of which attack process? a. Obfuscating adversary actions or interfering with intrusion detection systems (IDSs) b. Adapting cyberattacks in response to organizational security measures
Answer
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 61

Question
The following are examples of which attack process? a. Multi-staged attacks b. Internal and external attacks c. Widespread and adaptive attacks
Answer
  • Conduct an attack
  • Achieve results
  • Maintain a presence or set of capabilities
  • Coordinate a campaign

Question 62

Question
Which of the following is NOT a Nonadversarial Threat Event?
Answer
  • Mishandling of critical or sensitive information by authorized users
  • Incorrect privilege settings
  • Fire, flood, hurricane, windstorm or earthquake at primary or backup facilities
  • Introduction of vulnerabilities into software products
  • Viruses, Network Worms, Botnets
  • Pervasive disk errors or other problems caused by aging equipment

Question 63

Question
Software designed to gain access to targeted computer systems, steal information or disrupt computer operations.
Answer
  • DoS Attack
  • Malware
  • Social Engineering
  • Phishing

Question 64

Question
A piece of code that can replicate itself and spread from one computer to another. It requires intervention or execution to replicate and/or cause damage.
Answer
  • Spyware
  • Adware
  • Virus
  • Network Worm

Question 65

Question
A variant of the computer virus, which is essentially a piece of self-replicating code designed to spread itself across computer networks. It does not require intervention or execution to replicate.
Answer
  • Virus
  • Network Worm
  • Trojan Horse
  • Botnet

Question 66

Question
A piece of malware that gains access to a targeted system by hiding within a genuine application
Answer
  • Virus
  • Network Worm
  • Trojan Horse
  • Botnet

Question 67

Question
Derived from “robot network,” a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as DoS.
Answer
  • Virus
  • Network Worm
  • Trojan Horse
  • Botnet

Question 68

Question
A class of malware that gathers information about a person or organization without the knowledge of that person or organization.
Answer
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Question 69

Question
Also called “hostage code,” a class of extortive malware that locks or encrypts data or functions and demands a payment to unlock them. Several types are available for every operating system
Answer
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Question 70

Question
A class of malware that secretly records user keystrokes and, in some cases, screen content.
Answer
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Question 71

Question
A class of malware that hides the existence of other malware by modifying the underlying operating system.
Answer
  • Spyware
  • Adware
  • Ransomware
  • Keylogger
  • Rootkit

Question 72

Question
Complex and coordinated attacks directed at a specific entity or organization. They require a substantial amount of research and time, often taking months or even years to fully execute.
Answer
  • Advanced persistent threats (APTs)
  • DoS Attack
  • Brute force attack
  • Cross-site scripting (XSS)

Question 73

Question
A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.
Answer
  • Advanced persistent threats (APTs)
  • Backdoor
  • Brute force attack
  • Man-in-the-middle attack

Question 74

Question
An attack made by trying all possible combinations of passwords or encryption keys until the correct one is found.
Answer
  • Buffer overflow
  • Advanced persistent threats (APTs)
  • Backdoor
  • Brute force attack

Question 75

Question
Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
Answer
  • Cross-site scripting (XSS)
  • Man-in-the-middle attack
  • Buffer overflow
  • Backdoor

Question 76

Question
A type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
Answer
  • Structure Query Language (SQL) injection
  • Cross-site scripting (XSS)
  • DoS attack
  • Advanced persistent threats (APTs)

Question 77

Question
An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate.
Answer
  • Man-in-the-middle attack
  • Cross-site scripting (XSS)
  • Structure Query Language (SQL) injection
  • DoS attack

Question 78

Question
Any attempt to exploit social vulnerabilities to gain access to information and/or systems.
Answer
  • Spear phishing
  • Social engineering
  • Phishing
  • Spoofing

Question 79

Question
A type of email attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.
Answer
  • Phishing
  • Spoofing
  • Spear phishing
  • Social engineering

Question 80

Question
An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from the victim.
Answer
  • Phishing
  • Social engineering
  • Spear phishing
  • Spoofing

Question 81

Question
Faking the sending address of a transmission in order to gain illegal entry into a secure system.
Answer
  • Spoofing
  • Phishing
  • Social engineering
  • Spear phishing

Question 82

Question
An attack that consists of insertion or ‘injection’ of a SQL query via the input data from the client to the application.
Answer
  • Zero-day exploit
  • Structure Query Language (SQL) injection
  • Cross-site scripting (XSS)
  • Buffer overflow

Question 83

Question
A vulnerability that is exploited before the software creator/vendor is even aware of its existence.
Answer
  • Backdoor
  • Advanced persistent threats (APTs)—
  • DoS attack
  • Zero-day exploit

Question 84

Question
There are several attributes of good policies that should be considered: (select all that apply below)
Answer
  • Security policies should be an articulation of a well-defined information security strategy that captures the intent, expectations and direction of management.
  • Policies must be update/maintained on a frequent basis.
  • Policies must be clear and easily understood by all affected parties.
  • Policies should be short and concise, written in plain language.

Question 85

Question
Most organizations should create security policies ___ developing a security strategy.
Answer
  • Before
  • After

Question 86

Question
Communicate required and prohibited activities and behaviors.
Answer
  • Procedures
  • Policies
  • Standards
  • Guidelines

Question 87

Question
Interpret policies in specific situations.
Answer
  • Guidelines
  • Policies
  • Standards
  • Procedures

Question 88

Question
Provide details on how to comply with policies and standards.
Answer
  • Procedures
  • Guidelines
  • Standards
  • Policies

Question 89

Question
Provide general advice on issues such as “what to do in particular circumstances.” These are not requirements to be met but are strongly recommended.
Answer
  • Policies
  • Standards
  • Procedures
  • Guidelines

Question 90

Question
Which COBIT 5 information security policy set do the following items belong to: – Data classification and ownership – System classification and ownership – Resource utilization and prioritization – Asset life cycle management – Asset protection
Answer
  • Risk Management
  • Compliance
  • Communication and Operations
  • Asset Management

Question 91

Question
Which COBIT 5 information security policy set do the following items belong to: – At-work acceptable use and behavior, including privacy, Internet/email, mobile devices, BYOD, etc. – Offsite acceptable use and behavior, including social media, blogs
Answer
  • Communication and Operations
  • Compliance
  • Acquisition/Development/Maintenance
  • Rules of Behavior

Question 92

Question
Which COBIT 5 information security policy set do the following items belong to: – Information security within the life cycle, requirements definition and procurement/acquisition processes – Secure coding practices – Integration of information security with change and configuration management
Answer
  • Acquisition/Development/Maintenance
  • Risk Management
  • Rules of Behavior
  • Communication and Operations

Question 93

Question
Which COBIT 5 information security policy set do the following items belong to: Contract management
Answer
  • Risk Management
  • Vendor Management
  • Asset Management
  • Business Continuity and Disaster Recovery

Question 94

Question
Which COBIT 5 information security policy set do the following items belong to: – IT information security architecture and application design – Service level agreements
Answer
  • Compliance
  • Rules of Behavior
  • Communication and Operations
  • Acquisition/Development/Maintenance

Question 95

Question
Which COBIT 5 information security policy set do the following items belong to: – IT information security ___ assessment process – Development of metrics – Assessment repositories
Answer
  • Compliance
  • Asset Management
  • Risk Management
  • Business Continuity and Disaster Recovery

Question 96

Question
Which COBIT 5 information security policy set do the following items belong to: – Organizational risk management plan – Information risk profile
Answer
  • Asset Management
  • Communication and Operations
  • Acquisition/Development/Maintenance
  • Risk Management
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

GCSE AQA Physics - Unit 2
James Jolliffe
GCSE AQA Chemistry - Unit 2
James Jolliffe
GCSE CHEMISTRY UNIT 2 STRUCTURE AND BONDING
mustafizk
GCSE CHEMISTRY UNIT 2 STRUCTURE AND BONDING
ktmoo.poppypoo
Sociological Research Methods
Jebbie
Chapter 3
Ryan Tram
Chapter 2
Ryan Tram
GCSE CHEMISTRY UNIT 2 STRUCTURE AND BONDING
benadyl10
Chapter 4
Ryan Tram
Chapter 8
Ryan Tram
Chapter 6
Ryan Tram
Browse Library