CIT Ch.1 Review

The motivation of ____ is attacking for the sake of their principles or beliefs. a. cyberterrorists b. insiders c. script kiddies d. computer spies

A. CYBERTERRORISTS

__________ ensures that the information is correct and no unauthorized person or malicious software has altered that data. a. integrity b. obscurity c. layering d. confidentiality

A. INTERGRITY

Each of the following is a characteristic of cybercriminals except _________. a. low motivation b. better funded c. less risk adverse d. more tenacious

A. LOW MOTIVATION

Keeping backup copies of important data stored in a safe place is an example of ___________. a. minimizing losses b. sending secure information c. blocking attacks d. layering

A. MINIMIZING LOSSES

Protecting information is accomplished by ______________. a. protecting the devices on which the information is found b. securing only local servers c. hiring an Information Security Officer (ISO) d. reducing risk factors

A. PROTECTING THE DEVICES ON WHICH THE INFORMATION IS FOUND

_________ ensures that individuals are whom they claim to be. a. demonstration b. authentication c. accounting d. certification

B. AUTHENTICATION

Each of the following is a reason why it is difficult to defend against today's attacks except _______________. a. faster detection of vulnerabilities b. complexity of attack tools c. user confusion d. greater sophistication of attacks

B. COMPLEXITY OF ATTACK TOOLS

__________ ensures that only authorized parties can view the information. a. integrity b. confidentiality c. availability d. authorization

B. CONFIDENTIALITY

What is a person or element that has the power to carry out a threat? a. exploiter b. threat agent c. hazard element d. risk agent

B. THREAT AGENT

What is an objective to state-sponsored attackers? a. to right a perceived wrong b. to spy on citizens c. to sell vulnerabilities to the highest bidder d. fortune over fame

B. TO SPY ON CITIZENS

In information security terminology a(n) _______ is a flaw or weakness that allows an attacker to bypass security protections. a. access b. vulnerability c. worm hole d. access control

B. VULNERABILITY

Each of the following can be classified as an "insider" except __________. a. business partners b. contractors c. cybercriminals d. employees

C. CYBERCRIMINALS

Each of the following is a characteristic of cybercrime except _______. a. unauthorized attempts to access information b. targeted attacks against financial networks c. exclusive use of worms and viruses d. theft of personal information

C. EXCLUSIVE USE OF WORMS AND VIRUSES

_________ requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information and to protect all electronic devices and paper containing personally identifiable financial information. a. california savings and loan security act (CS&LSA) b. sarbanes-oxley act (Sarbox) c. gramm-leach-bliley act (GLBA) d. usa patriot act

C. GRAMM-LEACH-BLILEY ACT (GLBA)

What is the difference between a hactivist and cyberterrorist? a. a hactivist is motivated by ideology while a cyberterrorist is not. b. cyberterrorists always work in groups while hactivists work alone. c. the aim of a hactivist is not to incite panic like cyberterrorists. d. cyberterrorists are better funded than hactivist

C. THE AIM OF A HACTIVIST IS NOT TO INCITE PANIC LIKE CYBERTERRORISTS

In a general sense, "security" is _______. a. only available on specialized computers b. protection from only direct actions c. the steps necessary to protect a person or property from harm d. something that can be relatively easy to achieve

C. THE STEPS NECESSARY TO PROTECT A PERSON OR PROPERTY FROM HARM

Why can brokers command such a high price for what they sell? a. brokers are licensed professionals b. the attack targets are always wealthy corporations c. the vulnerability they uncover was previously unknown and is unlikely to be patched quickly. d. brokers work in teams and all members must be compensated

C. THE VULNERABILITY THEY UNCOVER WAS PREVIOUSLY UNKNOWN AND IS UNLIKELY TO BE PATCHED QUICKLY

An example of a(n) _____ is a software defect in an operating system that allows unauthorized users to gain access to a computer without a password. a. asset exploit (AE) b. threat agent c. vulnerability d. threat

C. VULNERABILITY

The _______ requires that enterprises must guard and implement policies and procedures to safeguard it. a. hospital protection and insurance association agreement (HIPAA) b. sarbanes-oxley Act (Sarbox) c. Gramm-Leach-Bliley Act (GBLA) d. Health Insurance Portability and accountability act (HIPAA)

D. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

Each of the following is a successive layer in which information security is achieved except: a. policies and procedures b. people c. products d. purposes

D. PURPOSES