Chapter 1

Question 1

Ian recently earned his security certification and has been offered a promotion to a position that requires him to analyze and design security solutions as well as identifying users’ needs. Which of these generally recognized security positions has Ian been offered?

Answer 1

Security Administrator

Question 2

Tatyana is discussing with her supervisor potential reasons why a recent attack was successful against one of their systems. Which of the following configuration issues would NOT covered?

Answer 2

Default configurations

Question 3

What is a race condition?

Answer 3

occurs when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.

Question 4

Which of the following is NOT true regarding security?

Answer 4

Security is a war that must be won at all costs.

Question 5

Adone is attempting to explain to his friend the relationship between security and convenience. Which of the following statements would he use?

Answer 5

“Security and convenience are inversely proportional.”

Question 6

Which of the following ensures that only authorized parties can view protected information?

Answer 6

Availability

Question 7

Which of the following is NOT a successive layer in which information security is achieved?

Answer 7

Purposes

Question 8

Complete this definition of information security: That which protects the integrity, confidentiality, and availability of information .

Answer 8

through products, people, and procedures on the devices that store, manipulate, and transmit the information.

Question 9

Which of the following is an enterprise critical asset?

Answer 9

Information

Question 10

Gunnar is creating a document that explains risk response techniques. Which of the following would he NOT list and explain in his document?

a. Extinguish risk
b. Transfer risk
c. Mitigate risk
d. Avoid risk

Answer 10

Extinguish risk

Question 11

Which act requires banks and financial institutions to alert their customers of their policies in disclosing customer information?
a. Sarbanes-Oxley Act (Sarbox)
b. Financial and Personal Services Disclosure Act
c. Health Insurance Portability and Accountability Act (HIPAA)
d. Gramm-Leach-Bliley Act (GLBA)

Answer 11

d. Gramm-Leach-Bliley Act (GLBA)

Question 12

Why do cyberterrorists target power plants, air traffic control centers, and water systems?

Answer 12

They can cause significant disruption by destroying only a few targets.

Question 13

Which tool is most commonly associated with nation state threat actors?

Answer 13

Closed-Source Resistant and Recurrent Malware (CSRRM)

Advanced Persistent Threat (APT)

Unlimited Harvest and Secure Attack (UHSA)

Network Spider and Worm Threat (NSAWT)

Question 14

An organization that practices purchasing products from different vendors is demonstrating which security principle?

Answer 14

Diversity

Question 15

What is an objective of state-sponsored attackers?

Answer 15

To right a perceived wrong

To amass fortune over of fame

To spy on citizens

To sell vulnerabilities to the highest bidder

Question 16

Signe wants to improve the security of the small business where she serves as a security manager. She determines that the business needs to do a better job of not revealing the type of computer, operating system, software, and network connections they use. What security principle does Signe want to use?

Answer 16

Obscurity

Question 17

What are industry-standard frameworks and reference architectures that are required by external agencies known as?

Answer 17

Mandatory

Question 18

What is the category of threat actors that sell their knowledge of vulnerabilities to other attackers or governments?

Answer 18

Brokers