Chapter 1 - Introduction to Security (Q&A)

_____ ensures that individuals are who they claim to be. a) Authentication b) Accounting c) Certification d) Demonstration

a) Authentication

_____ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic and paper containing personally identifiable financial information. a) Gramm-Leach-Bliley Act (GLBA) b) Sarbanes-Oxley Act (Sarbox) c) California Savings and Loan Security Act (CS&LSA) d) USA Patriot Act

a) Gramm-Leach-Bliley Act (GLBA)

The _____ requires that enterprises must guard protected health information and implement policies and procedures to safeguard it. a) Health Insurance Portability and Accountability Act (HIPAA) b) Sarbanes-Oxley Act (Sarbox) c) Hospital Protection and Insurance Association Agreement (HPIAA) d) Gramm-Leach-Bliley Act (GLBA)

a) Health Insurance Portability and Accountability Act (HIPAA)

Keeping backup copies of important data stored in a safe place is an example of a) minimizing losses b) sending secure information c) layering d) blocking attacks

a) minimizing losses

What is a person or element that has the power to carry out a threat? a) threat agent b) exploiter c) risk agent d) hazard element

a) threat agent

In information security terminology a(n) _____ is a flaw or weakness that allows an attacker to bypass security protections. a) vulnerability b) access c) access control d) worm hole

a) vulnerability

Each of the following can be classified as an "insider" except _______. a) business partners b) cybercriminals c) employees d) contractors

b) cybercriminals

Protecting information is accomplished by a) reducing risk factors b) protecting the devices on which the information is found c) securing only local servers d) hiring an Information Security Officer (CISO)

b) protecting the devices on which the information is found

In a general sense "security" is _______. a) only available on specialized computers b) the steps necessary to protect a person or property from harm c) protection from only direct actions d) something that can be relatively easy to achieve

b) the steps necessary to protect a person or property from harm

_____ ensures that only authorized parties can view the information. a) Authorization b) Integrity c) Confidentiality d) Availability

c) Confidentiality

Each of the following is a reason why it is difficult to defend atainst today's attackers except __________. a) user confusion b) faster detection of vulnerabilities c) complexity of attack tools d) greater sophistication of attacks

c) complexity of attack tools

The motivation of _____ is attacking for the sake of their principles or beliefs. a) computer spies b) insiders c) cyberterrorists d) script kiddies

c) cyberterrorists

_____ ensures that the information is correct and no unauthorized person or malicious software has altered that data. a) confidentiality b) layering c) integrity d) obscurity

c) integrity

Each of the following is a characteristic of cybercriminals except _______. a) better funded b) more tenacious c) low motivation d) less risk averse

c) low motivation

What is an objective of state-sponsored attackers? a) fortune over fame b) to sell vulnerabilities to the highest bidder c) to spy on citizens d) to right a perceived wrong

c) to spy on citizens

What is the difference between a hactivist and a cyberterrorist? a) Cyberterrorists always work in groups while hactivists work alone. b) A hactivist is motivated by ideology while a cyberterrorist is not. c) Cyberterrorists are better funded than hactivists. d) The aim of a hactivist is not to incite panic like cyberterrorists.

d) The aim of a hactivist is not to incite panic like cyberterrorists.

Why can brokers command such a high price for what they sell? a) Brokers work in teams and all the members must be compensated. b) Brokers are licensed professionals. c) The attack targets are always wealthy corporations. d) The vulnerability they uncover was previously unknown and is unlikely to be patched quickly.

d) The vulnerability they uncover was previously unknown and is unlikely to be patched quickly.

Each of the following is a characteristic of cybercrime except______. a) targeted attacks against financial networks b) unauthorized attempts to access to information c) theft of personal information d) exclusive use of worms and viruses

d) exclusive use of worms and viruses

Each of the following is a successive layer in which information security is achieved except _______. a) people b) products c) policies and procedures d) purposes

d) purposes

An example of a(n) _____ is a software defect in an operating system that allows an unauthorized user to gain access to a computer without a password. a) asset exploit (AE) b) threat c) threat agent d) vulnerability

d) vulnerability