Chapter 1 Flashcards

Combo: Quiz 1 plus Book End of Chapter Questions

1
Q

One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government.

(T/F)

A

True

2
Q

Define Script kiddies

A

Individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so.

3
Q

Smart phones give the owner of the device the ability to download security updates.

(T/F)

A

False

4
Q

To mitigate risk is the attempt to address risk by making the risk less serious.

(T/F)

A

True

5
Q

Describe the security principle of simplicity.

A

As much as possible, a secure system should be simple for those on the inside to understand and use.

6
Q

To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack?

A

Love bug

7
Q

The CompTIA Security+ certification is a vendor-neutral credential.

(T/F)

A

True

8
Q

What are the measures for achieving availability?

A

redundancy, fault tolerance, patching

9
Q

Proxies are “devices” that are strictly software-only.

(T/F)

A

False

A proxy server is a device which can be either software or hardware based. It intercepts messages entering and leaving the network, and makes outgoing requests on behalf of users. Its primary function is enhancing web surfing performance.

10
Q

A rootkit can hide its presence, but not the presence of other malware.

(T/F)

A

False

11
Q

Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identify users’ needs. Which of these generally recognized security positions has Ian been offered?

a. Security administrator
b. Security technician
c. Security officer
d. Security manager

A

a. Security administrator

12
Q

Alyona has been asked by her supervisor to give a presentation regarding reasons why security attacks continue to be successful. She has decided to focus on the issue of widespread vulnerabilities. Which of the following would Alyona NOT include in her presentation?

a. Large number of vulnerabilities
b. End-of-life systems
c. Lack of vendor support
d. Misconfigurations

A

d. Misconfigurations

13
Q

Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT be covered?

a. Default configurations
b. Weak configurations
c. Vulnerable business processes
d. Misconfigurations

A

c. Vulnerable business processes

14
Q

What is a race condition?

a. When a vulnerability is discovered and there is a race to see if it can be patched before it is exploited by attackers.
b. When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
c. When an attack finishes its operation before antivirus can complete its work.
d. When a software update is distributed prior to a vulnerability being discovered.

A

b. When two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.

15
Q

Which of the following is NOT a reason why it is difficult to defend against today’s attackers?

a. Delay in security updating
b. Greater sophistication of defense tools
c. Increased speed of attacks
d. Simplicity of attack tools

A

b. Greater sophistication of defense tools

16
Q

Which of the following is NOT true regarding security?

a. Security is a goal.
b. Security includes the necessary steps to protect from harm.
c. Security is a process.
d. Security is a war that must be won at all costs.

A

d. Security is a war that must be won at all costs.

17
Q

Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use?

a. “Security and convenience are not related.”
b. “Convenience always outweighs security.”
c. “Security and convenience are inversely proportional.”
d. “Whenever security and convenience intersect, security always wins.”

A

c. “Security and convenience are inversely proportional.”

18
Q

Which of the following ensures that only authorized parties can view protected information?

a. Authorization
b. Confidentiality
c. Availability
d. Integrity

A

b. Confidentiality

19
Q

Which of the following is NOT a successive layer in which information security is achieved?

a. Products
b. People
c. Procedures
d. Purposes

A

d. Purposes

20
Q

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information _____.

a. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network.
b. through a long-term process that results in ultimate security.
c. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources.
d. through products, people, and procedures on the devices that store, manipulate, and transmit the information.

A

d. through products, people, and procedures on the devices that store, manipulate, and transmit the information.

21
Q

Which of the following is an enterprise critical asset?

a. System software
b. Information
c. Outsourced computing services
d. Servers, routers, and power supplies

A

b. Information

22
Q

Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document?

a. Extinguish risk
b. Transfer risk
c. Mitigate risk
d. Avoid risk

A

a. Extinguish risk

23
Q

Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information?

a. Sarbanes-Oxley Act (Sarbox)
b. Financial and Personal Services Disclosure Act
c. Health Insurance Portability and Accountability Act (HIPAA)
d. Gramm-Leach-Bliley Act (GLBA)

A

d. Gramm-Leach-Bliley Act (GLBA)

24
Q

Why do cyberterrorists target power plants, air traffic control centers, and water systems?

a. These targets are government-regulated and any successful attack would be considered a major victory.
b. These targets have notoriously weak security and are easy to penetrate.
c. They can cause significant disruption by destroying only a few targets.
d. The targets are privately owned and cannot afford high levels of security.

A

c. They can cause significant disruption by destroying only a few targets.

25
Q

Which tool is most commonly associated with nation state threat actors?

a. Closed-Source Resistant and Recurrent Malware (CSRRM)
b. Advanced Persistent Threat (APT)
c. Unlimited Harvest and Secure Attack (UHSA)
d. Network Spider and Worm Threat (NSAWT)

A

b. Advanced Persistent Threat (APT)

26
Q

An organization that practices purchasing products from different vendors is demonstrating which security principle?

a. Obscurity
b. Diversity
c. Limiting
d. Layering

A

b. Diversity

27
Q

What is an objective of state-sponsored attackers?

a. To right a perceived wrong
b. To amass fortune over fame
c. To spy on citizens
d. To sell vulnerabilities to the highest bidder

A

c. To spy on citizens

28
Q

Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use?

a. Obscurity
b. Layering
c. Diversity
d. Limiting

A

a. Obscurity

29
Q

What are industry-standard frameworks and reference architectures that are required by external agencies known as?

a. Compulsory
b. Mandatory
c. Required
d. Regulatory

A

d. Regulatory

30
Q

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?

a. Cyberterrorists
b. Competitors
c. Brokers
d. Resource managers

A

c. Brokers