Chapter 1 Textbook Canvas Questions

Which tool is most commonly associated with nation-state actors? Closed-Source Resistant and Recurrent Malware (CSRRM) Advanced Persistent Threat (APT) Unlimited Harvest and Secure Attack (UHSA) Network Spider and Worm Threat (NSAWT)

Advanced Persistent Threat (APT)

Which of the following AAA elements is applied immediately after a user has logged into a computer with their username and password? Authentication Authorization Identification Recording

Authorization

Which of the following controls is NOT implemented before an attack occurs? Detective control Deterrent control Preventive control Preventive control

Detective control

Flavia is reading about insider threats. Which of the following is NOT true about insider threats? Attacks from an insider threat are hard to recognize. Insider threats are usually dismissed as not being a serious risk. Insider threats often occur because the enterprise is watching for outsiders. Government insiders have stolen large volumes of sensitive information.

Insider threats are usually dismissed as not being a serious risk.

Which of the following is NOT a message-based attack surface? Voice calls Instant messages Texts Network protocols

Network protocols

Gia has been asked to enhance the security awareness training workshop for new hires. Which category of security control would Gia be using? Managerial Technical Operational Physical

Operational

Which of the following is false about the CompTIA Security+ certification? Security+ is one of the most widely acclaimed security certifications. Security+ is internationally recognized as validating a foundation level of security skills and knowledge. The Security+ certification is a vendor-neutral credential. Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

Professionals who hold the Security+ certification earn about the same or slightly less than security professionals who have not achieved this certification.

Vittoria is working on her computer information systems degree at a local college and has started researching information security positions. Because she has no prior experience, which of the following positions would Vittoria most likely be offered?

Security Technician

Ginevra is explaining to her roommate the relationship between security and convenience. Which statement most accurately indicates this relationship? Security and convenience are directly proportional. Security and convenience have no relationship. Any proportions between security and convenience depends on the type of attack. Security and convenience are inversely proportional.

Security and convenience are inversely proportional.

What is another name for "attack surface"? Vulnerability exposure Threat vector Legacy platform Attack floor

Threat vector

Which of the following is NOT true about supply chains? A supply chain is a network that moves a product from its creation to the end-user. Vendors are the first step in a supply chain. Each link in a supply chain can be a potential attack surface. Hardware providers and software providers are types of supply chains.

Vendors are the first step in a supply chain.

Serafina is studying to take the Security+ certification exam. Which of the following of the CIA elements ensures that only authorized parties can view protected information? Confidentiality Integrity Availability Credentiality

Confidentiality

Which specific type of control is intended to mitigate (lessen) damage caused by an attack? Corrective control Compensating control Preventive control Restrictive control

Corrective control

Ilaria is explaining to her parents why information security is the preferred term when talking about security in the enterprise. Which of the following would Ilaria NOT say? Cybersecurity usually involves a range of practices, processes, and technologies intended to protect devices, networks, and programs that process and store data in an electronic form. In a business information may be in any format, from electronic files to paper documents. Cybersecurity is a subset of information security. Information security protects "processed data" or information.

Cybersecurity is a subset of information security.

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information A. on electronic digital devices and limited analog devices that can connect via the Internet or through a local area network B. through a long-term process that results in ultimate security C. using both open-sourced as well as supplier-sourced hardware and software that interacts appropriately with limited resources D. through products, people, and procedures on the devices that store, manipulate, and transmit the information

D. through products, people, and procedures on the devices that store, manipulate, and transmit the information

Which control is designed to ensure that a particular outcome is achieved by providing incentives? Deterrent control Incentive control Detective control Directive control

Directive control

What is the primary motivation of hacktivists? Disruption/chaos Financial gain Data exfiltration War

Disruption/chaos

Which of the following is not considered an attribute of threat actors? Level of sophistication/capability Educated/uneducated Resources/funding Internal/external

Educated/uneducated

What is considered the motivation of an employee who practices shadow IT? Deception Ignorance Ethical Malicious

Ethical

Which of the following groups have the lowest level of technical knowledge for carrying out cyberattacks? Unskilled attackers Hacktivists Nation-state actors Nation-state actors

Unskilled attackers