ITSY 1300 CHAPTERS1-5 REVIEW QUESTIONS &
ANSWERS
The tasks of securing information that is in a digital format, whether it be manipulated by
a microprocessor, preserved on a storage device, or transmitted over a network is
called: - Answer -Information Security
What are the three protections that must be extended over information? - Answer -CIA-
Confidentiality, Integrity, Availability
__________ ensures that only authorized parties can view the information. - Answer -
Confidentiality
__________ ensures that the information is correct and no unauthorized person or
malicious software has altered the data. - Answer -Integrity
__________ ensures that the data is accessible to authorized users. - Answer -
Availability
An _________ is an item that has value. - Answer -Asset
A type of action that has the potential to cause harm is known as a: - Answer -Threat
A flaw or weakness that allows a threat agent to bypass security is a: - Answer -
Vulnerability
A situation that involves exposure to some type of danger is a: - Answer -Risk
What are the 4 responses to risks? - Answer -Accept
Transfer
Avoid
Mitigate
To __________ risk simply means that the risk is acknowledged but no steps are taken
to address it. - Answer -Accept
A response to risk that allows a 3rd party to assume the responsibility of the risk is
known as risk: - Answer -Transfer
To __________ risks, involves identifying the risk but making the decision to not engage
in the activity. - Answer -Avoid
,To __________ risk is the attempt to address risk by making risk less serious. - Answer
-Mitigate
Healthcare enterprises must guard protected healthcare information and implement
policies and procedures to safeguard it, whether in paper or electronic format: - Answer
-HIPAA
Health Insurance Portability and Accountability Act 1996
Set of security standards that all companies that process, store, or transmit credit or
debit card information must follow: - Answer -PCI DSS
Payment Card Industry Data Security Standard
__________ is attacks that are intended to cause panic or provoke violence among
citizens, attacks directed at the banking industry, military installations, power plants, air
traffic control centers, and water systems. - Answer -Cyberterrorism
Individuals who want to attack computers yet they lack the knowledge of computers and
networks needed to do so are: - Answer -Script Kiddies
Freely available automated attack software used by Script Kiddies is known as: -
Answer -Open-Source Intelligence
A group of threat actors that is strongly motivated by ideology are known as: - Answer -
Hactivists
Protest or Retaliatory attacks
A new class of attack that uses innovative attack tools to infect a system and then
silently extracts data over an extended period is known as: - Answer -APT
Advanced Persistent Threat
APTs are most commonly associated with: - Answer -Nation State Actors
State sponsored attackers employed by a government for launching computer attacks
against their foes are known as: - Answer -Nation State Actors
When the U.S. hired the Israel government to help infiltrate the Iranian nuclear program,
or if they hired Logan's Exodus to do it, they would be known as: - Answer -Nation
State Actors
What are the 5 fundamental security principles for defense? - Answer -Layering
Limiting
Diversity
, Obscurity
Simplicity
Creating multiple obstacles of security defenses through which an attacker must
penetrate is known as: - Answer -Layering
__________ means that only the personnel who MUST use the data, have access to it.
- Answer -Limiting
Closely related to layering, as it is important to protect data with layers of security, the
layers themselves must also be: - Answer -Diverse (Diversity)
Information that is concealed, making it more difficult to attack a system, since nothing
is known about it and it is hidden from the outside is referring to: - Answer -Obscurity
Keeping a system easy to know and work on from the inside, but complex on the
outside to attackers refers to: - Answer -Simplicity
Software that enters a computer system without the user's knowledge or consent and
then performs an unwanted and usually harmful action is known as: - Answer -Malware
What are the two types of malware? - Answer -Viruses
Worms
What are the primary traits that malware possesses? - Answer -Circulation
Infection
Concealment
Payload Capabilities
Malicious computer code that reproduces itself on the same computer is known as a: -
Answer -Virus
A series of instructions that can be grouped together as a single command and are
often used to automate a complex set of tasks or a repeated series of tasks are known
as __________, which are a part of a data file such as in Excel .xlsx or Word .docx. -
Answer -Macros
What actions do viruses perform? - Answer -Unloads a payload to perform malicious
action
Reproduce itself by inserting its code into another file
A malicious program that uses a computer network to replicate is known as: - Answer -
Worm
What's the difference between a virus and a worm? - Answer -Virus infects program or
data file, can only be transferred by user
ANSWERS
The tasks of securing information that is in a digital format, whether it be manipulated by
a microprocessor, preserved on a storage device, or transmitted over a network is
called: - Answer -Information Security
What are the three protections that must be extended over information? - Answer -CIA-
Confidentiality, Integrity, Availability
__________ ensures that only authorized parties can view the information. - Answer -
Confidentiality
__________ ensures that the information is correct and no unauthorized person or
malicious software has altered the data. - Answer -Integrity
__________ ensures that the data is accessible to authorized users. - Answer -
Availability
An _________ is an item that has value. - Answer -Asset
A type of action that has the potential to cause harm is known as a: - Answer -Threat
A flaw or weakness that allows a threat agent to bypass security is a: - Answer -
Vulnerability
A situation that involves exposure to some type of danger is a: - Answer -Risk
What are the 4 responses to risks? - Answer -Accept
Transfer
Avoid
Mitigate
To __________ risk simply means that the risk is acknowledged but no steps are taken
to address it. - Answer -Accept
A response to risk that allows a 3rd party to assume the responsibility of the risk is
known as risk: - Answer -Transfer
To __________ risks, involves identifying the risk but making the decision to not engage
in the activity. - Answer -Avoid
,To __________ risk is the attempt to address risk by making risk less serious. - Answer
-Mitigate
Healthcare enterprises must guard protected healthcare information and implement
policies and procedures to safeguard it, whether in paper or electronic format: - Answer
-HIPAA
Health Insurance Portability and Accountability Act 1996
Set of security standards that all companies that process, store, or transmit credit or
debit card information must follow: - Answer -PCI DSS
Payment Card Industry Data Security Standard
__________ is attacks that are intended to cause panic or provoke violence among
citizens, attacks directed at the banking industry, military installations, power plants, air
traffic control centers, and water systems. - Answer -Cyberterrorism
Individuals who want to attack computers yet they lack the knowledge of computers and
networks needed to do so are: - Answer -Script Kiddies
Freely available automated attack software used by Script Kiddies is known as: -
Answer -Open-Source Intelligence
A group of threat actors that is strongly motivated by ideology are known as: - Answer -
Hactivists
Protest or Retaliatory attacks
A new class of attack that uses innovative attack tools to infect a system and then
silently extracts data over an extended period is known as: - Answer -APT
Advanced Persistent Threat
APTs are most commonly associated with: - Answer -Nation State Actors
State sponsored attackers employed by a government for launching computer attacks
against their foes are known as: - Answer -Nation State Actors
When the U.S. hired the Israel government to help infiltrate the Iranian nuclear program,
or if they hired Logan's Exodus to do it, they would be known as: - Answer -Nation
State Actors
What are the 5 fundamental security principles for defense? - Answer -Layering
Limiting
Diversity
, Obscurity
Simplicity
Creating multiple obstacles of security defenses through which an attacker must
penetrate is known as: - Answer -Layering
__________ means that only the personnel who MUST use the data, have access to it.
- Answer -Limiting
Closely related to layering, as it is important to protect data with layers of security, the
layers themselves must also be: - Answer -Diverse (Diversity)
Information that is concealed, making it more difficult to attack a system, since nothing
is known about it and it is hidden from the outside is referring to: - Answer -Obscurity
Keeping a system easy to know and work on from the inside, but complex on the
outside to attackers refers to: - Answer -Simplicity
Software that enters a computer system without the user's knowledge or consent and
then performs an unwanted and usually harmful action is known as: - Answer -Malware
What are the two types of malware? - Answer -Viruses
Worms
What are the primary traits that malware possesses? - Answer -Circulation
Infection
Concealment
Payload Capabilities
Malicious computer code that reproduces itself on the same computer is known as a: -
Answer -Virus
A series of instructions that can be grouped together as a single command and are
often used to automate a complex set of tasks or a repeated series of tasks are known
as __________, which are a part of a data file such as in Excel .xlsx or Word .docx. -
Answer -Macros
What actions do viruses perform? - Answer -Unloads a payload to perform malicious
action
Reproduce itself by inserting its code into another file
A malicious program that uses a computer network to replicate is known as: - Answer -
Worm
What's the difference between a virus and a worm? - Answer -Virus infects program or
data file, can only be transferred by user
