Security+ Chapter 1
Describe the security principle of simplicity.
A security system should be simple to understand from the inside, to make changes or fix something. But it should be complex from the outside, making it difficult to break into.
Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format? A. HIPAA B. HLPDA C. HCPA D. USHIPA
A. HIPAA
What information security position reports to the CISO and supervises technicians, administrators, and security staff? A. Security manager B. Security engineer C. Security auditor D. Security administrator
A. security manager
What level of security access should a computer user have to do their job? A. Password protected B. Least amount C. Limiting amount D. authorized access
B. Least amount
A security system should be simple to understand from the inside, to make changes or fix something. But it should be complex from the outside, making it difficult to break into. A. Nimda B. Slammer C. Love Bug D. Code Red
C. Love Bug
Select the information protection item that ensures that information is correct and that no unauthorized person or malicious software has altered that data. A. availability B. confidentiality C. integrity D. identity
C. integrity
In information security, which of the following is an example of a threat actor? A. a force of nature such as a tornado that could destroy computer equipment B. a virus that attacks a computer network C. a person attempting to break into a secure computer network D. all of the above
D. all of the above
As security is increased, convenience is often increased. (True/False)
False
Smart phones give the owner of the device the ability to download security updates. (True/False)
False
Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses. (True/False)
False
The Sarbanes-Oxley Act restricts electronic and paper data containing personally identifiable financial information. (True/False)
False
The Security Administrator reports directly to the CIO. (True/False)
False
What are script kiddies?
Script kiddies are individuals who want to attack computers but do not have the required knowledge to do so. To get around this, they download ready-made software that can carry out the attack for them.
What is the Payment Card Industry Data Security Standard (PCI DSS)?
The PCI DSS is a set of security standards that all companies who process, store, or transmit credit/debit card information must follow.
Information security is achieved through a combination of what three entities? Provide at least one example of each entity.
The three entities make up the CIA triad. Confidentiality: only approved individuals can access important and private information. Integrity: ensures that the information is correct and no unauthorized user has made changes. Availability: ensures that the authorized user is able to access the information when necessary.
A vulnerability is a flaw or weakness that allows a threat to bypass security. (True/False)
True
One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government. (True/False)
True
The CompTIA Security+ certification is a vendor-neutral credential. (True/False)
True
To mitigate risk is the attempt to address risk by making the risk less serious. (True/False)
True