Intro to Security

What type of theft involves stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain? 1-identity theft 2-phishing 3-cyberterrorism 4-social scam

1-identity theft

According to the U.S. Bureau of Labor Statistics, what percentage of growth is the job outlook for information security analysts expected to reach through 2024? 1-18 2-10 3-15 4-27

1-18

Which of the following is a common security framework? (Choose all that apply.) 1-COBIT 2-ISO 3-ASA 4-RFC

1-COBIT 2-ISO 4-RFC

Which law requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information? 1-Gramm-Leach-Bliley 2-Sarbanes-Oxley 3-California Database Security Breach 4-USA Patriot

1-Gramm-Leach-Bliley

Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format? 1-HIPAA 2-USHIPA 3-HLPDA 4-HCPA

1-HIPAA

Which of the following ensures that data is accessible to authorized users? 1-availability 2-identity 3-integrity 4-confidentiality

1-availability

Which of the following are considered threat actors? (Choose all that apply.) 1-brokers 2-administrators 3-competitors 4-individuals

1-brokers 3-competitors

What term describes a layered security approach that provides comprehensive protection? 1-defense-in-depth 2-diverse-defense 3-comprehensive-security 4-limiting-defense

1-defense-in-depth

Which of the following is a valid fundamental security principle? (Choose all that apply.) 1-diversity 2-simplicity 3-signature 4-layering

1-diversity 2-simplicity 4-layering

Which term below is frequently used to describe the tasks of securing information that is in a digital format? 1-information security 2-physical security 3-logical security 4-network security

1-information security

What term is used to describe state-sponsored attackers that are used for launching computer attacks against their foes? 1-nation state actors 2-state hackers 3-nation state threats 4-cyber military

1-nation state actors

What type of diversity is being implemented if a company is using multiple security products from different manufacturers? 1-vendor diversity 2-vendor-control security 3-multiple-product security 4-manufacturer diversity

1-vendor diversity

What term best describes any premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents? 1-hacking 2-cyberterrorism 3-cybercriminal 4-cracking

2-cyberterrorism

What level of security access should a computer user have to do their job? 1-limiting amount 2-least amount 3-password protected 4-authorized access

2-least amount

What information security position reports to the CISO and supervises technicians, administrators, and security staff? 1-security engineer 2-security manager 3-security auditor 4-security administrator

2-security manager

What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it? 1-unicorn 2-silver bullet 3-secure solution 4-approved action

2-silver bullet

What process describes using technology as a basis for controlling the access and usage of sensitive data? 1-administrative controls 2-technical controls 3-vendor diversity 4-control diversity

2-technical controls

Which of the three protections ensures that only authorized parties can view information? 1-integrity 2-availability 3-confidentiality 4-security

3-confidentiality

Select the term that best describes automated attack software. 1-insider software 2-intrusion application 3-open-source intelligence 4-open-source utility

3-open-source intelligence

Which of the following describe supporting structures for implementing security that provide a resource on how to create a secure IT environment? (Choose all that apply.) 1-reference frameworks 2-regulatory frameworks 3-reference architectures 4-industry-standard frameworks

3-reference architectures 4-industry-standard frameworks

Those who wrongfully disclose individually identifiable health information can be fined up to what amount per calendar year? 1-$50,000 2-$500,000 3-$250,000 4-$1,500,000

4-$1,500,000

What class of attack uses innovative attack tools and, once a system is infected, silently extracts data over an extended period? 1-Modified Threat 2-Inside Attacks 3-Embedded Attacks 4-Advanced Persistent Threat

4-Advanced Persistent Threat

To date, the single most expensive malicious attack occurred in 2000, which cost an estimated $8.7 billion. What was the name of this attack? 1-Slammer 2-Code Red 3-Nimda 4-Love Bug

4-Love Bug

In information security, what can constitute a loss? 1-the loss of goodwill or a reputation 2-a delay in transmitting information that results in a financial penalty 3-theft of information 4-all of the above

4-all of the above

In information security, which of the following is an example of a threat actor? 1-a person attempting to break into a secure computer network 2-a virus that attacks a computer network 3-a force of nature such as a tornado that could destroy computer equipment 4-all of the above

4-all of the above

In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network? 1-local 2-remote 3-centered 4-distributed

4-distributed

What term is used to describe a group that is strongly motivated by ideology, but is usually not considered to be well-defined and well-organized? 1-hacker 2-script kiddies 3-cyberterrorist 4-hacktivists

4-hacktivists

Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data. 1-confidentiality 2-availability 3-identity 4-integrity

4-integrity

Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so? 1-cybercriminal 2-cyberterrorist 3-hacker 4-script kiddies

4-script kiddies

Which position below is considered an entry-level position for a person who has the necessary technical skills? 1-security manager 2-CISO 3-security administrator 4-security technician

4-security technician

As security is increased, convenience is often increased. True/False

False

Brokers steal new product research or a list of current customers to gain a competitive advantage. True/False

False

Smartphones give the owner of the device the ability to download security updates. True/False

False

Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses. True/False

False

The Sarbanes-Oxley Act restricts electronic and paper data containing personally identifiable financial information. True/False

False

The Security Administrator reports directly to the CIO. True/False

False

A vulnerability is a flaw or weakness that allows a threat to bypass security. True/False

True

One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government. True/False

True

The CompTIA Security+ certification is a vendor-neutral credential. True/False

True

To mitigate risk is to attempt to address the risk by making it less serious. True/False

True

