Chapter 1
You have just intercepted the following message from Caesar: L ORYH FOHRSDWUD. Can you guess what shift was used to encode the message? 15 1 3 7
3
What is a one-way function in cryptography? A mathematical combination of keys that is difficult to create, and difficult to undo. A mathematical combination of keys that is difficult to create, but easy to undo. A mathematical combination of keys that is easy to create, but difficult to undo. A mathematical combination of keys that is easy to create, and easy to undo.
A mathematical combination of keys that is easy to create, but difficult to undo.
Information security threats can be _____. Physical. External. All of these answers are correct. Internal.
All of these answers are correct.
What would be an example of a violation of the principle of confidentiality? Financial records being altered to make it look like a company made more than they did Stealing records from a company to sell to other interested markets An employee accessing a payroll database to find out how much others are paid A file server going down due to lack of good maintenance of systems
An employee accessing a payroll database to find out how much others are paid
_____ is anything that can negatively affect information. A rule. An information security threat. A threat. None of these answers are correct.
An information security threat.
What are the four principles of information security? Confidentiality, Secrecy, Safety, Non-Repudiation Availability, Integrity, Confidentiality, Cost Safety, Secrecy, Ease of Use, Availability Availability, Integrity, Confidentiality, Non-Repudiation
Availability, Integrity, Confidentiality, Non-Repudiation
If a website requires you to log in with a password to change your address, this is an example of that website observing what principles of information security? Integrity and Confidentiality Confidentiality and Availability Availability and Integrity Availability, Integrity, and Confidentiality
Availability, Integrity, and Confidentiality
A _____ attack is a cyber attack where the attacker tries guessing system access credentials like passwords by trying different character combinations until a correct combination is identified. Malware Brute force Phishing Man-in-the-Middle
Brute force
If your employer could view your medical records without your permission, what principle of information security would be violated? Availability Confidentiality Repudiation Integrity
Confidentiality
In securing information and information systems, an organization can require a one-time code delivered by SMS as a second authentication step in addition to the username/password combination required for system access. Which aspect of information security is addressed by the additional layer of security? Confidentiality Availability Integrity None
Confidentiality
What is NOT an example of physical security? Shredding documents Requiring employee IDs to enter the premises Encrypting email messages Keeping files under lock and key
Encrypting email messages
If you have information secured on a LAN that isn't connected in any way to the Internet, both information security and cybersecurity apply. True False
False (Only Information Security)
_____ refers to the process of making sure only those who are entitled to information can access it. Integrity Information security Principle of least privilege Confidentiality
Information security
The CIA model of information security contains what three principles? Confidentiality, Integrity, and Authorization Completion, Invisibility, and Accuracy Authentication, Corroboration, and Integrity Integrity, Confidentiality, and Availability
Integrity, Confidentiality, and Availability
On the staff of Kumquat Computing, Inc.:
- Jared's main task is to protect the confidentiality of a customer database that's kept on a LAN in the lobby and waiting rooms.
- Tyrone's main task is to protect the confidentiality of client files that are stored in the cloud.
Which is true of Jared's and Tyrone's main tasks? Both Jared and Tyrone are doing information security. Neither of them is doing cybersecurity. Both Jared and Tyrone are doing information security and cybersecurity. Jared i
Jared is doing information security. Tyrone is doing both information security and cybersecurity.
Which of the following best describes integrity as it relates to information security? Being honest on an information security job application Keeping data and information intact Deleting unused files Memorizing your password
Keeping data and information intact
Encrypt the following message using a Caesar cipher with a shift of 7: ET TU BRUTE YN NO VLONY LA AB IYBAL KZ ZA HXAZK XM MN UKNMX
LA AB IYBAL
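The two Caesar-cipher questions above (recovering the shift of "L ORYH FOHRSDWUD" and encrypting "ET TU BRUTE" with shift 7) are worked below in code. This is an added example, not part of the original quiz: the two ciphertexts come from the questions, while the scoring word list and the helper names are constructed for illustration. It also shows why a Caesar cipher gives no confidentiality against the brute-force attack defined later in the chapter: there are only 26 keys, so trying every one is instant.

```python
"""Caesar cipher: encrypt with a known shift, then recover an unknown shift by
trying all 26 keys. Added example for the two Caesar questions on this page."""

import string

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, shift: int) -> str:
    """Shift every A-Z letter by `shift` positions (mod 26); leave other chars alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is just a shift in the opposite direction."""
    return caesar_shift(ciphertext, -shift)


# Tiny word list used to score candidate plaintexts. Constructed for this example;
# a real attack would use a full dictionary or letter-frequency statistics.
COMMON_WORDS = {"I", "A", "THE", "LOVE", "ET", "TU", "AND", "YOU", "ME", "TO"}


def brute_force_caesar(ciphertext: str) -> tuple[int, str]:
    """Try every possible key (0-25) and return the (shift, plaintext) whose words
    look most like English. Exhaustive search over 26 keys is instant, which is
    why a Caesar cipher offers no confidentiality against a brute-force attack."""
    best_shift, best_score = 0, -1
    for shift in range(26):
        candidate = caesar_decrypt(ciphertext, shift)
        score = sum(1 for w in candidate.split() if w in COMMON_WORDS)
        if score > best_score:
            best_shift, best_score = shift, score
    return best_shift, caesar_decrypt(ciphertext, best_shift)


if __name__ == "__main__":
    # Question 1: what shift was used for "L ORYH FOHRSDWUD"?
    shift, plain = brute_force_caesar("L ORYH FOHRSDWUD")
    print(shift, plain)                    # 3 I LOVE CLEOPATRA
    # Question 2: encrypt "ET TU BRUTE" with a shift of 7.
    print(caesar_shift("ET TU BRUTE", 7))  # LA AB IYBAL
```

The scorer is deliberately crude: with such short ciphertexts a dictionary hit on "I" and "LOVE" is enough to single out shift 3. For longer texts, letter-frequency analysis recovers the shift even when no word is in the list.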
Which of the following best describes availability as it relates to information security? Clearing your calendar for IT meetings Updating your antivirus software Making sure information can be accessed by those who need it and have authorization Uninstalling programs to free up space
Making sure information can be accessed by those who need it and have authorization
What is the main idea behind the principle of availability in information security? Shredding sensitive documents after they're not needed People can trust that the information in an organization hasn't been tampered with in some way Making documents confidential People who are authorized to view data can do so when they need access
People who are authorized to view data can do so when they need access
Fire is an example of a _____ information security threat. Internal. Physical. Logical. External.
Physical.
Which of the following best describes confidentiality as it relates to information security? Locking files in a desk Preventing unauthorized users from accessing information Keeping a spare password for information access Backing up a hard drive
Preventing unauthorized users from accessing information
The _____ ensures that people only have access to the information they need to do their jobs. Principle of confidentiality Principle of least privilege Access control Principle of availability
Principle of least privilege
Ransomware is a malicious program that encrypts data on a victim's system. The attacker controlling the software demands a ransom before allowing the data to be decrypted, rendering it useless until the price is paid. Which of the following is TRUE about ransomware? Defining a password security policy will prevent system infection with ransomware. Using a VPN to exchange information prevents it from being encrypted, making ransomware attacks impossible. Up-to-date antivirus software will effecti
Ransomware is a type of malware.
Information security must _____, and protect against, all threats. Count. Recognize. All of these answers are correct. Delete.
Recognize
What was the name of the cryptographic rotor machine used by the Germans in World War II? The Substitution cipher The Enigma machine The Diffie-Hellman machine The da Vinci encoder
The Enigma machine
Annabelle, the CEO of Kumquat Computing, Inc., emails her vice president, Roland, to discuss an upcoming merger. Evelyn intercepts the email and changes the content of the message, altering the proposed terms of the merger, before Roland sees it. Which of these is true? This describes a Man-in-the-Middle attack. Roland will probably realize that the email was tampered with. This describes a Man-in-the-Middle attack. Roland will probably NOT realize that the email was tampered with. This
This describes a Man-in-the-Middle attack. Roland will probably NOT realize that the email was tampered with.
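Roland cannot detect the change because a plain email carries no integrity protection. The added example below (not part of the original quiz; the message text, shared key and function names are constructed for illustration) shows the same scenario with a message authentication code: the sender tags the message with a key only she and Roland hold, Evelyn can alter the body but cannot produce a valid tag for it, and the altered copy is rejected.

```python
"""Detecting in-transit tampering with an HMAC. Added example for the
Annabelle / Roland / Evelyn man-in-the-middle scenario on this page."""

import hashlib
import hmac

# Key that Annabelle and Roland share out of band. Constructed value for the
# example; a real deployment would generate a random key and keep it secret.
SHARED_KEY = b"kumquat-computing-demo-key-not-for-production"


def tag_message(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message. Without the key an attacker cannot compute a
    valid tag for a modified message, so any alteration becomes detectable."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time (avoids timing side channels)."""
    return hmac.compare_digest(tag_message(key, message), tag)


def mitm_detected(key: bytes, original: bytes, tampered: bytes) -> bool:
    """Annabelle sends `original` with its tag; Evelyn swaps in `tampered` but must
    forward the old tag because she lacks the key. Roland's check fails on the
    altered message, so the attack is detected."""
    tag_in_transit = tag_message(key, original)
    return not verify_message(key, tampered, tag_in_transit)


def forgery_detected(key: bytes, attacker_key: bytes, tampered: bytes) -> bool:
    """Even if Evelyn computes a fresh tag with a key of her own, Roland's key
    will not verify it."""
    forged_tag = tag_message(attacker_key, tampered)
    return not verify_message(key, tampered, forged_tag)


if __name__ == "__main__":
    sent = b"Merger terms: offer $40 per share, close in Q3."
    altered = b"Merger terms: offer $60 per share, close in Q3."
    print("tampering detected:", mitm_detected(SHARED_KEY, sent, altered))
    print("forgery detected:", forgery_detected(SHARED_KEY, b"evelyn", altered))
```

Two caveats a practitioner would add. A MAC protects integrity but not confidentiality: Evelyn can still read the merger terms, so encryption is needed as well. And because both parties hold the same key, a MAC gives no non-repudiation (either of them could have produced the tag); a digital signature with the sender's private key is what provides that principle.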
A _____ is anything that can negatively alter, disrupt, hide, or erase an object or objects of interest. Rule. None of these answers are correct. Information. Threat.
Threat.
What is the 'key exchange' problem in modern information security? Two parties need to privately share the secret encryption key before communicating. There are too many encryption keys to keep track of. The encryption key is too complicated to calculate. Encryption keys are too long.
Two parties need to privately share the secret encryption key before communicating.
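The key exchange problem and the earlier question on one-way functions are two halves of the same idea: Diffie-Hellman lets two parties agree on a shared secret over a public channel precisely because modular exponentiation is easy to compute and hard to invert. The added example below is not code from the original quiz; the group parameters, variable names and the tiny 23-element group used for the eavesdropper's search are constructed for illustration and are not secure choices.

```python
"""Diffie-Hellman key agreement and the one-way function it relies on.
Added example for the 'key exchange problem' and 'one-way function' questions."""

import secrets

# Toy demonstration group (assumption): a 127-bit Mersenne prime and base 3.
# Readable, but NOT a vetted group. Real systems use standardized finite-field
# groups (RFC 7919) or elliptic-curve X25519.
P = 2**127 - 1
G = 3


def dh_public(private: int, p: int = P, g: int = G) -> int:
    """The one-way step: g^private mod p is fast (square-and-multiply), but
    recovering `private` from the result is the discrete logarithm problem."""
    return pow(g, private, p)


def dh_shared(my_private: int, their_public: int, p: int = P) -> int:
    """Combine my private value with the other side's public value."""
    return pow(their_public, my_private, p)


def exchange(p: int = P, g: int = G) -> dict:
    """Run the whole protocol. Only A and B cross the wire; both parties end up
    with the same secret without ever transmitting it."""
    a = secrets.randbelow(p - 2) + 1          # Alice's private value
    b = secrets.randbelow(p - 2) + 1          # Bob's private value
    A = dh_public(a, p, g)                    # Alice -> Bob
    B = dh_public(b, p, g)                    # Bob -> Alice
    return {
        "A": A,
        "B": B,
        "alice_secret": dh_shared(a, B, p),
        "bob_secret": dh_shared(b, A, p),
    }


def brute_force_dlog(public: int, p: int, g: int):
    """What an eavesdropper who saw A would have to do: find x with g^x mod p == A.
    Feasible only for tiny p, which is the whole point of the one-way function."""
    acc = 1                                   # g^0
    for x in range(p):
        if acc == public:
            return x
        acc = (acc * g) % p
    return None


if __name__ == "__main__":
    result = exchange()
    print("secrets agree:", result["alice_secret"] == result["bob_secret"])
    # Textbook-sized group (p=23, g=5) so the eavesdropper's search finishes instantly.
    print("recovered private value:", brute_force_dlog(dh_public(6, 23, 5), 23, 5))
```

Diffie-Hellman solves the problem posed in the question (no secret key has to be shared in advance), but unauthenticated exchange is still open to the man-in-the-middle attack described above: an attacker who replaces A and B with her own values negotiates one secret with each side. Production protocols therefore sign or otherwise authenticate the exchanged public values.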
Requiring you to sign a contract uses the principle of _____ to secure the contract. non-repudiation integrity availability confidentiality
non-repudiation