Principles of information security midterm questions
and answers with solutions
In information security, what can constitute a loss? - ANSWER theft of information
a delay in transmitting information that results in a financial penalty
the loss of good will or a reputation
In information security, which of the following is an example of a threat actor? - ANSWER a
force of nature such as a tornado that could destroy computer equipment
a virus that attacks a computer network
a person attempting to break into a secure computer network
In what kind of attack can attackers make use of millions of computers under their control in an
attack against a single server or network? - ANSWER distributed
Select the information protection item that ensures that information is correct and that no
unauthorized person or malicious software has altered that data. - ANSWER integrity
, To date, the single most expensive malicious attack occurred in 2000, which cost an estimated
$8.7 billion. What was the name of this attack? - ANSWER Love Bug
Under which laws are health care enterprises required to guard protected health information
and implement policies and procedures whether it be in paper or electronic format? - ANSWER
HIPAA
What class of attacks use innovative attack tools and once a system is infected it silently extracts
data over an extended period? - ANSWER Advanced Persistent Threat
What level of security access should a computer user have to do their job? - ANSWER least
amount
What process describes using technology as a basis for controlling the access and usage of
sensitive data? - ANSWER technical controls
What term best describes any premeditated, politically motivated attack against information,
computer systems, computer programs, and data which results in violence against
noncombatant targets by subnational groups or clandestine agents? - ANSWER cyberterrorism
What term describes a layered security approach that provides the comprehensive protection? -
ANSWER defense-in-depth
What term is used to describe a group that is strongly motivated by ideology, but is usually not
considered to be well-defined and well-organized? - ANSWER hactivists
What term is used to describe state-sponsored attackers that are used for launching computer
attacks against their foes? - ANSWER nation state actors
and answers with solutions
In information security, what can constitute a loss? - ANSWER theft of information
a delay in transmitting information that results in a financial penalty
the loss of good will or a reputation
In information security, which of the following is an example of a threat actor? - ANSWER a
force of nature such as a tornado that could destroy computer equipment
a virus that attacks a computer network
a person attempting to break into a secure computer network
In what kind of attack can attackers make use of millions of computers under their control in an
attack against a single server or network? - ANSWER distributed
Select the information protection item that ensures that information is correct and that no
unauthorized person or malicious software has altered that data. - ANSWER integrity
, To date, the single most expensive malicious attack occurred in 2000, which cost an estimated
$8.7 billion. What was the name of this attack? - ANSWER Love Bug
Under which laws are health care enterprises required to guard protected health information
and implement policies and procedures whether it be in paper or electronic format? - ANSWER
HIPAA
What class of attacks use innovative attack tools and once a system is infected it silently extracts
data over an extended period? - ANSWER Advanced Persistent Threat
What level of security access should a computer user have to do their job? - ANSWER least
amount
What process describes using technology as a basis for controlling the access and usage of
sensitive data? - ANSWER technical controls
What term best describes any premeditated, politically motivated attack against information,
computer systems, computer programs, and data which results in violence against
noncombatant targets by subnational groups or clandestine agents? - ANSWER cyberterrorism
What term describes a layered security approach that provides the comprehensive protection? -
ANSWER defense-in-depth
What term is used to describe a group that is strongly motivated by ideology, but is usually not
considered to be well-defined and well-organized? - ANSWER hactivists
What term is used to describe state-sponsored attackers that are used for launching computer
attacks against their foes? - ANSWER nation state actors
