Chapter 01 – Quiz Introduction to Security Flashcards

Questions 20

1
Q

Question # 01

Successful attacks are usually not from software that is poorly designed and has architecture/design weaknesses.

a. True
b. False

A

b. False

2
Q

Question # 02

Smart phones give the owner of the device the ability to download security updates.

a. True
b. False

A

b. False

3
Q

Question # 03

As security is increased, convenience is often increased.

a. True
b. False

A

b. False

4
Q

Question # 04

To mitigate risk is the attempt to address risk by making the risk less serious.

a. True
b. False

A

a. True

5
Q

Question # 05

One of the challenges in combating cyberterrorism is that many of the prime targets are not owned and managed by the federal government.

a. True
b. False

A

a. True

6
Q

Question # 06

What term refers to an action that provides an immediate solution to a problem by cutting through the complexity that surrounds it?

a. unicorn
b. approved action
c. secure solution
d. silver bullet

A

d. silver bullet

7
Q

Question # 07

In what kind of attack can attackers make use of millions of computers under their control in an attack against a single server or network?

a. centered
b. local
c. remote
d. distributed

A

d. distributed

8
Q

Question # 08

Which term below is frequently used to describe the tasks of securing information that is in a digital format?

a. network security
b. information security
c. physical security
d. logical security

A

b. information security

9
Q

Question # 09

Which of the following ensures that data is accessible to authorized users?

a. availability
b. confidentiality
c. integrity
d. identity

A

a. availability

10
Q

Question # 10

In information security, what can constitute a loss?

a. theft of information
b. a delay in transmitting information that results in a financial penalty
c. the loss of good will or a reputation
d. all of the above

A

d. all of the above

11
Q

Question # 11

What type of theft involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain?

a. cyberterrorism
b. identity theft
c. phishing
d. social scam

A

b. identity theft

12
Q

Question # 12

Under which laws are health care enterprises required to guard protected health information and implement policies and procedures whether it be in paper or electronic format?

a. HIPAA
b. HLPDA
c. HCPA
d. USHIPA

A

a. HIPAA

13
Q

Question # 13

Which term is used to describe individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so?

a. cybercriminal
b. hacker
c. script kiddies
d. cyberterrorist

A

c. script kiddies

14
Q

Question # 14

Select the term that best describes automated attack software.

a. open-source utility
b. insider software
c. open-source intelligence
d. intrusion application

A

c. open-source intelligence

15
Q

Question # 15

What class of attacks uses innovative attack tools and, once a system is infected, silently extracts data over an extended period?

a. Inside Attacks
b. Advanced Persistent Threat
c. Embedded Attacks
d. Modified Threat

A

b. Advanced Persistent Threat

16
Q

Question # 16

What term describes a layered security approach that provides comprehensive protection?

a. comprehensive-security
b. diverse-defense
c. limiting-defense
d. defense-in-depth

A

d. defense-in-depth

17
Q

Question # 17

Which of the following is a valid fundamental security principle?

(Choose all that apply.)

a. signature
b. diversity
c. simplicity
d. layering

A

b. diversity
c. simplicity
d. layering

18
Q

Question # 18

Which of the following are considered threat actors?

(Choose all that apply.)

a. brokers
b. competitors
c. administrators
d. individuals

A

a. brokers
b. competitors

19
Q

Question # 19

What are the four different risk response techniques?

A

Accept, transfer, avoid, and mitigate.

20
Q

Question # 20

Describe the security principle of simplicity.

A

Because attacks can come from a variety of sources and in many ways, information security is by its very nature complex.

The more complex something becomes, the more difficult it is to understand.

In addition, complex systems allow many opportunities for something to go wrong.

Complex security systems can be hard to understand, troubleshoot, and feel secure about.

As much as possible, a secure system should be simple for those on the inside to understand and use.

Complex security schemes are often compromised to make them easier for trusted users to work with, yet this can also make it easier for the attackers.

In short, keeping a system simple from the inside but complex on the outside can sometimes be difficult but reaps a significant benefit.