Cybersecurity Midterms multiple choice questions


"4-1-9" fraud is an example of a ____________________ attack. 1. social engineering 2. virus 3. worm 4. spam

1

Ideally, the _____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components. 1. chief information officer (CIO) 2. chief executive officer (CEO) 3. chief financial officer (CFO) 4. senior auditor

1

In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources. 1. denial-of-service 2. distributed denial-of-service 3. virus 4. spam

1

Incident _____ is the process of examining a potential incident, or incident candidate, and determining whether the candidate constitutes an actual incident. 1. classification 2. category 3. response 4. strategy

1

Incident _____ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets. 1. response 2. readiness 3. mitigation 4. recovery

1

The first phase of risk management is _________. 1. risk identification 2. design 3. risk control 4. risk evaluation

1

An organizational resource that is being protected is sometimes logical, such as a Web site, software information, or data. Sometimes the resource is physical, such as a person, computer system, hardware, or other tangible object. Either way, the resource is known as a(n) ___________. 1. access method 2. asset 3. exploit 4. risk

2

Criminal or unethical __________ goes to the state of mind of the individual performing the act. 1. attitude 2. intent 3. accident 4. All of the above

2

Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________. 1. threats 2. education 3. hugs 4. paperwork

2

The Computer __________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts. 1. violence 2. fraud 3. theft 4. usage

2

__________ law comprises a wide variety of laws that govern a nation or state. 1. criminal 2. civil 3. public 4. private

2

____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data that result in violence against noncombatant targets by subnational groups or clandestine agents. 1. infoterrorism 2. cyberterrorism 3. hacking 4. cracking

2

According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except __________. 1. for purposes of commercial advantage 2. for private financial gain 3. to harass 4. in furtherance of a criminal act

3

Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. 1. bypass 2. theft 3. trespass 4. security

3

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization. 1. ISO 2. CIO 3. CISO 4. CTO

3

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____. 1. controls have been bypassed 2. controls have proven ineffective 3. controls have failed 4. All of the above

4

Data backup should be based on a(n) ____ policy that specifies how long log data should be maintained. 1. replication 2. business resumption 3. incident response 4. retention

4

Digital forensics involves the _____, identification, extraction, documentation, and interpretation of digital media. 1. investigation 2. determination 3. confiscation 4. preservation

4

In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. 1. zombie-in-the-middle 2. sniff-in-the-middle 3. server-in-the-middle 4. man-in-the-middle

4

The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology is known as ___________. 1. communications security 2. network security 3. physical security 4. information security

4

__________ was the first operating system to integrate security as one of its core functions. 1. UNIX 2. DOS 3. MULTICS 4. ARPANET

MULTICS

A technique used to compromise a system is known as a(n) ___________. 1. access method 2. asset 3. exploit 4. risk

exploit

