Review Questions

Review Questions
1. Each of the following is a reason why it is difficult to defend against today’s
attackers except _____________ .
A. speed of attacks
B. greater sophistication of attacks
C. complexity of attack tools
D. delays in patching hardware and work software products
2. A(n) _____ attack takes advantage of vulnerabilities that have not been previously
A. zero day
B. quick vulnerability assessment (QVA)
C. glamour
D. signature-based attack
3. _____ ensures that only authorized parties can view the information.
A. Availability
B. Integrity
C. Confidentiality
4. Each of the following is a successive layer in which information security is
achieved except _________________.
A. products
B. people
C. procedures
D. Intrusion Wormhole Defense (IWD)
5. A(n) _____ is a person or thing that has the power to carry out a threat.
A. vulnerability
B. threat agent
C. exploit
D. risk factor
6. Each of the following is a goal of information security except __________.
A. Prevent data theft
B. Decrease user productivity
C. Avoid legal consequences
D. Foil cyberterrorism
The _____ requires that enterprises must guard protected health information and
implement policies and procedures to safeguard it.
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Sarbanes-Oxley Act (Sarbox)
C. Gramm-Leach-Bliley Act (GLBA)
D. Hospital Protection and Insurance Association Agreement (HPIAA)
8. Utility companies, telecommunications, and financial services are considered
prime targets of _____ because attackers can significantly disrupt business and
personal activities by destroying a few targets.
A. cyberterrorists
B. kiddie scripters
C. computer spies
D. blue hat hackers (BHH)
9. After an attacker probed a computer or network for information she would next
A. modify security settings
B. penetrate any defenses
C. paralyze networks and devices
D. circulate to other systems
10. An organization that purchased security products from different vendors in case
an attacker circumvented the Brand A device, yet would have more difficulty
trying to break through a Brand B device because they are different, is an example
of ________.
A. obscurity
B. layering
C. limiting
D. diversity
11. _____ is a superset of information security and includes security issues that do not
involve computers.
A. Google reconnaissance
B. Risk security (RS)
C. Information assurance (IA)
D. Asset restriction (AR)
12. _____ attacks come from multiple sources instead of a single source.
A. Distributed
B. Isolated
C. Script resource malware (SRM)
D. Form resource
13. _____ are a loose-knit network of attackers, identity thieves, and financial
A. Cybercriminals
B. Hackers
C. Spies
D. Script kiddies
14. Each of the following is a characteristic of cybercriminals except ________.
A. low motivation
B. less risk-averse
C. better funded
D. more tenacious
15. Each of the following is a characteristic of cybercrime except ________.
A. targeted attacks against financial networks
B. unauthorized access to information
C. theft of personal information
D. exclusive use of worms and viruses
16. An example of a(n) _____ is a software defect in an operating system that allows
an unauthorized user to gain access to a computer without a password
A. vulnerability
B. threat
C. threat agent
D. asset exploit (AE)
17. _____ requires banks and financial institutions to alert customers of their policies
and practices in disclosing customer information and to protect all electronic and
paper containing personally identifiable financial information.
A. California Savings and Loan Security Act (CS&LSA)
B. USA Patriot Act
C. Sarbanes-Oxley Act (Sarbox)
D. Gramm-Leach-Bliley Act (GLBA)
18. The term _____ is commonly used in a generic sense to identify anyone who
illegally breaks into a computer system.
A. hacker
B. cyberterrorist
C. Internet Exploiter
D. cyberrogue
19. An example of _____would be not revealing the type of computer, operating
system, software, and network connection a computer uses.
A. diversity
B. limiting
C. obscurity
D. layering
20. The _____ is primarily responsible for assessment, management, and
implementation of security.
A. Chief Information Security Officer (CISO)
B. security manager
C. security administrator
D. security technician