Matthew's manager Renee recently informed him that she was concerned about the possibility of
a hacker tapping into their corporate database and altering customer records. What security goal
is Renee concerned about achieving?
a. Confidentiality
b. Alteration
c. Integrity
d. Availability
Correct answer: c. Integrity
A janitor cleaning the floor of an organization's data center accidentally tripped over a power
cord and cut the power to a critical file server. Users who depend on that data to complete their
job functions are unable to access it and must take time off from work until IT personnel arrive
and restore power to the computer. What security principle is most involved in this incident?
a. Confidentiality
b. Integrity
c. Denial
d. Alteration
Correct answer: c. Denial
Which one of the following DAD triad components is related to the CIA triad goal of integrity?
a. Disclosure
b. Denial
c. Alteration
Correct answer: c. Alteration
DDoS attacks are a manifestation of which component of the DAD triad model of malicious
activity?
a. Disclosure
b. Denial
c. Alteration
Correct answer: b. Denial
Which of the following types of attacks is not normally considered a malicious code object?
a. Virus
b. DoS
c. Worm
d. Trojan horse
Correct answer: b. DoS
Which one of the following asset valuation techniques does not place dollar values on assets?
a. Depreciated valuation
b. Replacement cost valuation
c. Original cost valuation
d. Qualitative valuation
Correct answer: d. Qualitative valuation
The failure of a security administrator to apply the most recent security patches to a system is an
example of ________________.
a. threat
b. risk
c. vulnerability
d. malicious code
e. denial of service
Correct answer: c. Vulnerability
Jim decides to purchase a business insurance policy to protect himself against liability from
hacker attack. What risk management technique is Jim practicing?
a. Risk mitigation
b. Risk avoidance
c. Risk transference
d. Risk acceptance
Correct answer: c. Risk transference
Beth evaluated the potential risk of a hacker entering a specific system and decided that it did not
justify the cost of purchasing an expensive intrusion detection system. What type of risk
management is Beth practicing?
a. Risk mitigation
b. Risk avoidance
c. Risk transference
d. Risk acceptance
Correct answer: d. Risk acceptance
Richard is responsible for evaluating whether his company should develop and host a Web site
on the corporate network. He decides that the risk posed to the site by hackers overwhelms the
benefit that would be gained from having the site and decides not to develop the site. What risk
management technique is Richard practicing?
a. Risk mitigation
b. Risk avoidance
c. Risk transference
d. Risk acceptance
Correct answer: b. Risk avoidance
Alex is the network administrator for an organization. He decides to implement a new firewall on
the company's broadband Internet connection to prevent hackers from entering the network.
What risk management technique is Alex practicing?
a. Risk mitigation
b. Risk avoidance
c. Risk transference
d. Risk acceptance
Correct answer: a. Risk mitigation
Which of the following terms describes the percentage of an asset that managers expect to be
destroyed as the result of a given risk?
a. ALE
b. AV
c. SLE
d. EF
e. ARO
Correct answer: d. EF
Which of the following terms describes the number of times per year that managers expect a risk
to occur?
a. ALE
b. AV
c. SLE
d. EF
e. ARO
Correct answer: e. ARO
Which of the following terms describes the expected loss each time a given risk occurs?