MIS 320 WWU EXAM 2 ACTUAL 2026
QUESTIONS SOLUTIONS GRADED A+
◉ The criminal organization has decided to leave their traditional
ways and pursue cyber attacks as their new mode of operation. Why
would they do this? Answer: Easier to hide their attacks
◉ Which of the following best describes what Della could do to
prevent unauthorized parties from viewing sensitive customer
information at her retail store? Answer: Use software to encrypt
data in a secure database
◉ Duante needs to research the behavior of attackers as well as how
they coordinate their attacks. Where is Duante most likely to look for
this type of information Answer: TTP database
◉ What is a TTP database? Answer: The adversary tactics,
techniques, and procedures (TTP) is a database of the behavior of
threat actors and how they orchestrate and manage attacks
◉ What are some of the challenges an organization may face when
trying to be in regulatory compliance as a relates to information
security? Answer: Virtually every industry has its own set of
regulations, a requirement in one regulation may negate one
another, no two states share the same side of regulations
,(Answer is all of the above)
◉ A visitor is trying to access a military base. The visitor needs to
supply their license and enter other personal information via a
kiosk. The visitor is eventually allowed to enter the base but is
limited to certain areas only. What security principles are being
employed? Select two. Answer: Authentication and authorization
◉ What is authentication? Answer: Verifying that a user is who they
claim to be
◉ What is authorization? Answer: Used to grant a user permission
to enter because their credentials are authentic
◉ A friend gets a virus and asks if you can help them fix the problem.
You both the computer with the bootable flash drive containing
security related tools and remove the virus. What type of control did
you employ? Answer: Corrective
◉ An entity is determined and decides to commit to a multi year
intrusion campaign with the goal of obtaining national security
information. Which of the following describes the type of attack the
entity is most likely to engage in? Select two. Answer: Data
exfiltration and APT
, ◉ What is APT? Answer: Is advanced persistent threats, or a new
class of attacks where innovative tools are used to infect the system
and then it's certainly extract data over an extended period of time
◉ Which of the following best describes the possible impact of an
attack where credit card data is stolen from a company and the
breach is eventually reported in the news? Select two. Answer: Loss
of reputation and possible prison time for the IT personnel
◉ Company A wants to be first to market with the product
forecasted to be very profitable. A few bad actors and Company A
launch an attack against company B to steal intellectual property
that will help them. What type of threat actor would do something
like this? Answer: Competitors
◉ What do competitors do? Answer: Launch attacks against an
opponent's system to steal classified information as well as new
product research
◉ Which of the following most accurately describes the similarities
and or differences between spear phishing and whaling? select two
Answer: Spear phishing uses customized information to target
specific users. Whaling targets wealthy individuals and senior
executives in a business
QUESTIONS SOLUTIONS GRADED A+
◉ The criminal organization has decided to leave their traditional
ways and pursue cyber attacks as their new mode of operation. Why
would they do this? Answer: Easier to hide their attacks
◉ Which of the following best describes what Della could do to
prevent unauthorized parties from viewing sensitive customer
information at her retail store? Answer: Use software to encrypt
data in a secure database
◉ Duante needs to research the behavior of attackers as well as how
they coordinate their attacks. Where is Duante most likely to look for
this type of information Answer: TTP database
◉ What is a TTP database? Answer: The adversary tactics,
techniques, and procedures (TTP) is a database of the behavior of
threat actors and how they orchestrate and manage attacks
◉ What are some of the challenges an organization may face when
trying to be in regulatory compliance as a relates to information
security? Answer: Virtually every industry has its own set of
regulations, a requirement in one regulation may negate one
another, no two states share the same side of regulations
,(Answer is all of the above)
◉ A visitor is trying to access a military base. The visitor needs to
supply their license and enter other personal information via a
kiosk. The visitor is eventually allowed to enter the base but is
limited to certain areas only. What security principles are being
employed? Select two. Answer: Authentication and authorization
◉ What is authentication? Answer: Verifying that a user is who they
claim to be
◉ What is authorization? Answer: Used to grant a user permission
to enter because their credentials are authentic
◉ A friend gets a virus and asks if you can help them fix the problem.
You both the computer with the bootable flash drive containing
security related tools and remove the virus. What type of control did
you employ? Answer: Corrective
◉ An entity is determined and decides to commit to a multi year
intrusion campaign with the goal of obtaining national security
information. Which of the following describes the type of attack the
entity is most likely to engage in? Select two. Answer: Data
exfiltration and APT
, ◉ What is APT? Answer: Is advanced persistent threats, or a new
class of attacks where innovative tools are used to infect the system
and then it's certainly extract data over an extended period of time
◉ Which of the following best describes the possible impact of an
attack where credit card data is stolen from a company and the
breach is eventually reported in the news? Select two. Answer: Loss
of reputation and possible prison time for the IT personnel
◉ Company A wants to be first to market with the product
forecasted to be very profitable. A few bad actors and Company A
launch an attack against company B to steal intellectual property
that will help them. What type of threat actor would do something
like this? Answer: Competitors
◉ What do competitors do? Answer: Launch attacks against an
opponent's system to steal classified information as well as new
product research
◉ Which of the following most accurately describes the similarities
and or differences between spear phishing and whaling? select two
Answer: Spear phishing uses customized information to target
specific users. Whaling targets wealthy individuals and senior
executives in a business
