Chief Information Security Officer (CISO) - correct answer ✔✔This person reports directly to the
CIO. This person is responsible for assessing, managing, and implementing security.
Security Manager - correct answer ✔✔Reports to the CISO and supervises technicians,
administrators, and security staff.
Security Administrator - correct answer ✔✔Has both technical knowledge and managerial skills.
Manages daily operations of security technology, and may analyze and design security solutions
within a specific entity as well as identifying users' needs
Security Technician - correct answer ✔✔The position of ____ is generally an entry-level position
for a person who has the necessary technical skills.
Silver Bullet - correct answer ✔✔An action that provides an immediate solution to a problem by
cutting through the complexity that surrounds it.
Lack of Vendor Support - correct answer ✔✔Some devices have no support from the company
that made the device, meaning no effort is made to fix any found vulnerabilities.
End-of-Life Systems - correct answer ✔✔Systems are so old that vendors have dropped all
support for security updates, or else charge an exorbitant fee to provide updates.
Race Condition - correct answer ✔✔Occurs when two concurrent threads of execution access a
shared resource simultaneously, resulting in unintended consequences.
Zero Day Attack - correct answer ✔✔An attacker finds a vulnerability and initiates an attack to
take advantage of the weakness before users or security professionals are aware of the
vulnerability. No days of warning ahead of a new threat.
What is the relationship between security and convenience? - correct answer ✔✔Inverse; as
security is increased, convenience is often decreased.
Goal of IS? - correct answer ✔✔To ensure that protective measures are properly implemented
to ward off attacks and prevent the total collapse of the system when a successful attack does
occur.
3 extensions that must be protected over information? - correct answer ✔✔Confidentiality,
integrity, and availability
Threat Actor - correct answer ✔✔A person or element that has the power to carry out a threat.
Risk - correct answer ✔✔A situation that involves exposure to some type of danger.
Risk response techniques? - correct answer ✔✔Accept, transfer, avoid, and mitigate
Stuxnet - correct answer ✔✔Best hack of the decade. Worm is discovered in July 2010 which
targeted industrial software and equipment.
Cyberterrorism - correct answer ✔✔A premeditated, politically motivated attack against
information, computer systems, computer programs, and data that results in violence.
Script Kiddies - correct answer ✔✔Individuals who want to attack computers yet they lack the
knowledge of computers and networks needed to do so. (They use open-source scripts)
Hacktivists - correct answer ✔✔A group that is strongly motivated by ideology.
Nation State Actors - correct answer ✔✔State-sponsored attackers employed by a government
for launching computer attacks against foes.
Advanced Persistent Threat (APT) - correct answer ✔✔Attacks that use innovative tools to
attack and once a system becomes infected ___ silently extracts data over a persistent period.
Brokers - correct answer ✔✔Sell their knowledge of a vulnerability to other attackers or
governments.
5 fundamental security principles... - correct answer ✔✔-Layering
-Limiting
-Diversity
-Obscurity
-Simplicity
Layering - correct answer ✔✔Creates a barrier of multiple defenses that can be coordinated to
thwart a variety of attacks.
Limiting - correct answer ✔✔Limiting access to information reduces the threat against it.
Diversity - correct answer ✔✔The layers must be different so that attackers cannot use the
same technique to bypass the next layer.
Obscurity - correct answer ✔✔Obscuring to the outside world what is on the inside makes
attacks much more difficult.